The RFC trying to introduce sigstore for RubyGems is an interesting look at this in practice: https://github.com/rubygems/rfcs/pull/37
-
I agree. There are projects such as https://github.com/ossf/package-analysis and https://github.com/step-security/harden-runner that do behavior analysis. Disclaimer: I’m maintainer of the second one.
-
harden-runner
Network egress filtering and runtime security for GitHub-hosted and self-hosted runners
-
hagrid-container
Hagrid as in, "keeper of keys". Verifying OpenPGP keyserver, written in Rust. OCI image
Sigstore and cosign are so simple to use. I set up all the containers I maintain to be signed (this is done within the GitHub Action).