Dan LorencinsigstoreKubernetes signals massive adoption of Sigstore for protecting open source ecosystemKubernetes 1.24 will be the first release officially using Sigstore, enabling seamless verification of signatures to protect against supply…May 3, 2022May 3, 2022
Dan LorencinsigstoreSigstore ❤ Ruby!We started the Sigstore project with a goal of making key management, certificates, and digital signatures accessible and easy to use for…Jan 28, 2022Jan 28, 2022
Dan LorencThe Sigstore Trust ModelI hope this post can help reduce confusion around exactly how Sigstore’s trust model works, and how trust flows from the community root…Dec 9, 2021Dec 9, 2021
Dan LorencNotary V2 and CosignThis post is to help reduce confusion between the Notary V2/Notation and Cosign projects. This is a common question from end users that I…Nov 8, 20211Nov 8, 20211
Dan LorencinsigstoreSpooky October Updates for Sigstore!October is almost done, so it’s time for another update! The supply chains are clearly haunted, so this one has a spooky theme.Oct 29, 2021Oct 29, 2021
Dan LorencZero Trust Supply Chain SecurityThis post accompanies a talk I just gave at the 2021 Open Source Summit, called Zero Trust Supply Chain Security. The slides are available…Oct 2, 20211Oct 2, 20211
Dan LorencA Bit of Ambiance comes to SigstoreZero-trust security starts with trusting actual entities based on strong identity, not whoever happens to control a secret, or whoever gets…Sep 16, 2021Sep 16, 2021
Dan LorencImproving TOFU With TransparencyTOFU is an OK substitute for when you have nothing better, but it’s never the best choice.Aug 22, 2021Aug 22, 2021