Tag: softwaresupplychain

• cosign Verification of npm Provenance, GitHub Artifact Attestations, and Homebrew Provenance
• Sigstore January Roundup
• Sigstore December Roundup
• Signatus, ergo securus? Who can sign what with TUF and Sigstore
• New Sigstore Landscape: Add your signed project
• Using Sigstore to meet FedRAMP Compliance at Autodesk
• 'Sigstore: Software Signing For Everybody' has been published in the proceedings of the ACM Computer and Communications Security Conference
• A New Look for Sigstore
• Sigstore Update — September 2022
• Signing and Securing Confidential Kubernetes Clusters in the Cloud with Sigstore
• Sigstore Update — August 2022
• Adopting Sigstore Incrementally
• Privacy in Sigstore
• Sigstore: Bring-your-own sTUF with TUF
• Celebrating 1,000,000 entries in Rekor
• It’s ten o’clock, do you know where your private keys are?
• A Safer curl | bash ?