This #LastWeekInAppSec is a great reminder that automation and dev tooling are part of an organization's attack surface. #Sigstore, #pnpm, and #n8n all have vulns to pay attention to, but (mostly) not panic over.
👉 Should you worry? Read: buff.ly/ATRNVz3
#AppSec #ProductSecurity #DevSecOps #DevOps
New post out 'FluxCD OCI Artifact Verification'
calebwoodbine.nz/fluxcd-oci-a...
#fluxcd #kustomize #helm #kubernetes #cncf #homelab #sigstore
Recently moved to exclusively using OCI for deploying through FluxCD.
Vendoring Helm charts to an OCI repo.
Utilising Sigstore, every OCI image is signed in CI and verified by FluxCD via the verify config in OCIRepository resources.
#fluxcd #kustomize #helm #kubernetes #cncf #homelab #sigstore
💡 OpenSSF Project Highlight: Sigstore - A Wax Seal of Security for the Digital Era
❓ Why this matters: the Sigstore project is building a modern, transparent trust layer for open source.
Watch this interview and learn more about #Sigstore: youtu.be/m5eTw4x33kU?...
🎉 The new #Sigstore Rekor transparency log public dataset is now available on BigQuery!
This dataset makes it easier for researchers to analyze software signing trends & understand how artifacts are signed across the open source ecosystem.
🔗 Read: openssf.org/blog/2025/10...
#gentoo #python #rust
I wanted to never touch #uv in my life
But...
Lo and behold, out of nowhere, #sigstore wants `sigstore-models` now
And `sigstore-models` wants `uv-build`
And `uv-build` wants `uv`
God damn
🚨 The AI wave is here, and with it comes a new cybersecurity battleground.
Discover how open source tools like #Sigstore and #SLSA-based frameworks can help close these gaps and build more resilient AI systems.
Read the blog and learn how to get involved: openssf.org/blog/2025/08...
New to OpenSSF or thinking about getting involved? We've got you. 💡
This blog by Ejiro and Sal introduces all our working groups, tools, and projects like #sigstore, #SLSA, and #OpenSSFScorecard.
Start here 👉 openssf.org/blog/2025/08...
🚀 NEW on We ❤️ Open Source 🚀
Docker is phasing out Content Trust. Nigel Douglas shares what this means for image signing and why Sigstore or Notation might be your next step.
allthingsopen.org/articles/doc...
#WeLoveOpenSource #Docker #ContainerSecurity #Sigstore #Notation #DevSecOps
🎬 Check out this episode where @rawkode.dev dives into Project sigstore with Dan Lorenc! Learn how to secure your software supply chain with cryptographic signing and transparency logs. 🛠️🔒 #sigstore #supplychainsecurity
🔐 New Case Study: How is Google securing the future of machine learning?
By partnering with #sigstore and the Open Source Security Foundation (OpenSSF), they’ve implemented model signing that makes AI systems more trustworthy by default.
openssf.org/blog/2025/07...
1/2
Today I was playing with Minisign and Cosign to evaluate whether it’s worth signing some of my OSS software with something other than PGP.
Here’s my verdict: Minisign is promising… Much easier to use than PGP. That simplicity, of course, comes at the cost of giving up a few features.
#OSS […]
Python 3.14 beta is now available, and there are no GPG signatures per PEP 751. Please test your verification of Python artifacts using Sigstore :)
#python #gpg #sigstore #security #oss #opensource
https://peps.python.org/pep-0761/
🔏 Secure Model Signing Made Simple with Sigstore!
Ensuring ML model integrity just got easier.
#MLSecurity #Sigstore #MachineLearning #DevOps #AI #Cybersecurity #ArdaGuler #Strasbourg #IagoAspas #FCNSCO #Ancelotti #TheVoice #Courtois #RCSAPSG #MayThe4thBeWithYou
www.mytechnews.co/sensible-man...