Protecting the Software Supply Chain: The Art of Continuous Improvement
#Docker #Products #DockerHub #DockerOfficialImages #DockerScout #SecureSoftwareSupplyChain #Security #WhatIsDockercollection
https://www.docker.com/blog/software-supply-chain-art-of-continuous-improvement/
🇮🇹 Software supply chain security is a fundamental topic that is often treated too superficially. I wrote about it for @GuerreDiRete
https://www.guerredirete.it/come-tracciare-la-sicurezza-della-software-supply-chain/
Why Secure Development Environments Are Essential for Modern Software Teams
#Docker #Products #SecureSoftwareSupplyChain #Security #WhatIsDockercollection
Building Trust into Your Software with Verified Components
#Docker #Products #DockerHub #DockerScout #SecureSoftwareSupplyChain #Security #WhatIsDockercollection
https://www.docker.com/blog/building-trust-into-your-software-with-verified-components/
Enhancing Container Security with Docker Scout and Secure Repositories
#Docker #Products #DockerBestPractices #DockerScout #SBOM #SecureSoftwareSupplyChain #Security #Securityseries
https://www.docker.com/blog/enhancing-container-security-with-docker-scout-and-secure-repositories/
Heck yah. Love seeing the "Verifying attestation" message on Brew while upgrading. It's using sigstore!
Docker Scout Health Scores: Security Grading for Container Images in Your Docker Hub Registry
#Docker #Products #DockerHub #DockerScout #SBOM #SecureSoftwareSupplyChain #Security
https://www.docker.com/blog/docker-scout-health-scores-security-grading-for-container-images/
From Misconceptions to Mastery: Enhancing Security and Transparency with Docker Official Images
#Docker #Products #ContainerSecurity #DockerOfficialImages #Opensource #SecureSoftwareSupplyChain #Security
https://www.docker.com/blog/enhancing-security-and-transparency-with-docker-official-images/
OpenSSH and XZ/liblzma: A nation-state attack was thwarted, what did we learn?
#Docker #Engineering #SecureSoftwareSupplyChain #Security
Given the news of the xz backdoor, may I recommend this seminal paper from Ken Thompson's 1984 Turing Award lecture showing how a compiler with no backdoors in the source code can nevertheless propagate a backdoor.
Reflections on trusting trust | the morning paper
https://blog.acolyer.org/2016/09/09/reflections-on-trusting-trust/
Is Your Container Image Really Distroless?
#Docker #Engineering #ContainerSecurity #Dockersecurity #Kubernetes #SecureSoftwareSupplyChain
https://www.docker.com/blog/is-your-container-image-really-distroless/
Announcing Docker Scout Software Supply Chain Solution for Open Source Projects
#Docker #Products #DockerScout #Opensource #SecureSoftwareSupplyChain
https://www.docker.com/blog/docker-scout-software-supply-chain-solution-for-open-source-projects/
How to Use OpenPubkey with GitHub Actions Workloads
#Products #Docker #Githubaction #Opensource #OpenPubkey #SecureSoftwareSupplyChain #Security
https://www.docker.com/blog/how-to-use-openpubkey-with-github-actions-workloads/
Achieve Security and Compliance Goals with Policy Guardrails in Docker Scout
#Docker #Products #Developers #DockerScout #SecureSoftwareSupplyChain #Security
Announcing Docker Scout GA: Actionable Insights for the Software Supply Chain
#Docker #Products #DockerScout #SecureSoftwareSupplyChain
Gave a lightning talk on Sigstore's policy controller over at the Wellington OpenShift meetup today
Here's a link to the slides!
#wellington #sigstore #openshift #securesoftwaresupplychain #cosign
5 Benefits of a Container-First Approach to Software Development
#Docker #Products #Containers #Developers #Dockerfile #SecureSoftwareSupplyChain
https://www.docker.com/blog/5-benefits-of-a-container-first-approach-to-software-development/
How to sign images and artifacts on GitLab CI
https://docs.gitlab.com/ee/ci/yaml/signing_examples.html
#sigstore #gitlabci #gitlab #cosign #securesoftwaresupplychain