Sigstore and OWASP: The Definitive Guide to automation for Security
DEV Community · ANKUSH CHOUDHARY JOHAL · 27 days ago
Tags: #code #tip #sigstore #owasp #dependency #signing
In 2024, 82% of supply chain attacks targeted unsigned container images and unverified dependencies,...

Why Did Docker Abandon TUF?: A Turbulent History of Container Signing
DEV Community · kt · about 1 month ago
Tags: #sigstore #ocidistributionspecificationv110 #generation #notary #docker #registry
Why did Docker Content Trust (Notary v1) fail, and how did the industry pivot to Sigstore and Notary v2? A timeline of container signing architecture, contrasted with PyPI's success story.

SE Radio 712: Dan Lorenc on Sigstore
Software Engineering Radio · Software Engineering Radio · about 1 month ago
Tags: #se-radio #sigstore #software #supply #chain #lorenc
Dan Lorenc, co-founder and CEO of Chainguard, joins host Priyanka Raghavan to explore Sigstore and its role in securing the software supply chain. …