Build and sign application containers

This page summarizes the projects mentioned and recommended in the original post on dev.to
Security Logging supply-chain Ruby provenance

WorkOS
Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • slsa

    Supply-chain Levels for Software Artifacts

    • The Supply chain Levels Software Artifact(SLSA) puts a security framework in place that each software build can follow, ensuring the integrity of the built artifact.

  • rekor

    Software Supply Chain Transparency Log

    • With containers being the heart of Cloud Native application development, it has become even more critical to ensure the integrity of the containers. One of the ways to do this to sign and verify the container images.sigstore is a open source project that empowers software developers to securely sign the container images.

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

    WorkOS logo

  • Puts Debuggerer

    Ruby library for improved puts debugging, automatically displaying bonus useful information such as source line number and source code.

    • Signing alone is not sufficient to ensure the overall security of any software, adopting SLSA and continuous improvement of the build process(SLSA levels) is very critical. By using Harness Platform we documented our build process and also implicitly started to move towards SLSA Level 2 by using a Host source (GitHub) and build(Harness CI).

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts