DEV Community

Supply Chain Security Series' Articles

Back to kt's Series
Supply Chain Security: A Deep Dive into SBOM and Code Signing
Cover image for Supply Chain Security: A Deep Dive into SBOM and Code Signing
kanywst profile
kt

Supply Chain Security: A Deep Dive into SBOM and Code Signing

#security #sbom #kubernetes #devops
Comments
11 min read
Sigstore Deep Dive: Unmasking the Magic Behind Keyless Verification
Cover image for Sigstore Deep Dive: Unmasking the Magic Behind Keyless Verification
kanywst profile
kt

Sigstore Deep Dive: Unmasking the Magic Behind Keyless Verification

#security #sigstore #kubernetes #devops
Comments
18 min read
SLSA Deep Dive: Securing the Supply Chain Using Verifiable Levels
Cover image for SLSA Deep Dive: Securing the Supply Chain Using Verifiable Levels
kanywst profile
kt

SLSA Deep Dive: Securing the Supply Chain Using Verifiable Levels

#security #supplychain #slsa #openssf
1
Comments 1
12 min read
Why Did Docker Abandon TUF?: A Turbulent History of Container Signing
Cover image for Why Did Docker Abandon TUF?: A Turbulent History of Container Signing
kanywst profile
kt

Why Did Docker Abandon TUF?: A Turbulent History of Container Signing

#security #docker #supplychain #sigstore
2
Comments
10 min read
SLSA Provenance Hands-on: Generate with GitHub Actions, Verify with slsa-verifier
Cover image for SLSA Provenance Hands-on: Generate with GitHub Actions, Verify with slsa-verifier
kanywst profile
kt

SLSA Provenance Hands-on: Generate with GitHub Actions, Verify with slsa-verifier

#security #supplychain #slsa #sigstore
Comments
11 min read
Hacking GitHub: From Tag Rewrites to Dangling Commits, Where the Git Protocol Trusts You Without Checking
Cover image for Hacking GitHub: From Tag Rewrites to Dangling Commits, Where the Git Protocol Trusts You Without Checking
kanywst profile
kt

Hacking GitHub: From Tag Rewrites to Dangling Commits, Where the Git Protocol Trusts You Without Checking

#security #github #git #supplychain
Comments
19 min read