🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

We use SPIFFE as a way to distribute trust, using remote attestation in our Judge platform. However, we don't expect our users to understand Spire, and spire registrations. We are making great progress on federating SPIRE and making registration easy. asciinema.org/a/ieVRO9nQ3AZx…

I started adding support for the SPIRE delegated identity API to Witness today. This lets us sign attestations based on the shasum of the CI command being run. Great work on this powerful API SPIFFE team!

We had a user post an issue that hit an edge case we didn't test for. Our team fixed the issue the next business day, along with unit and integration tests. I couldn't be more proud of our engineering team led by Mikhail Swift

preview of our backend for Witness. Amazing work by Mikhail Swift/🦄 Frederick Kautz (Emeritus KubeCon Co-Chair)

We are working on making supply chain security and compliance easy. Learn more at witness.dev Witness

Have you ever wondered how to inventory all the dependencies in a software build? In this talk, I will showcase how end users can create and use #BPF traces to minimize #CVE false positives and negatives with Witness and Cilium #tetragon sched.co/1AOie

We just landed initial Witness support for GitHub. This uses a preview build of Witness with #Archivist support. A GitHub attestor, and Keyless signing should drop before Kubecon. Let me know if you give it a whirl. github.com/testifysec/wit…

Petition to start calling these GUESSBOMs! 💣💣💣

You can now generate in-toto metadata via a GitHub action, thanks to Cole Kennedy's work at Kubecon_'s in-toto + TUF + sigstore ContribFest! github.com/marketplace/ac…

Amazing.

In-toto vs. sigstore: what are they and how do they differ? 🧵 👇 sigstore Santiago #intoto

There needs to be more clarity in the Software Supply Chain Security space In our latest blog article, We talk about the differences between in-toto and sigstore, and when it is appropriate to use each. testifysec.com/blog/sigstore-…

At TestifySec we know that getting compromised can seriously affect organizations. That's why we're dedicated to securing the software supply chain and ensuring the integrity of the software being developed. Don't let your software become a vulnerability - trust TestifySec.

In the land of TestifySec, Our products do protect, Witness and Archivista, Together a perfect pair, To help secure your software, From source to production fair, And Judge to enforce the rules, With policies that we can share, So come and try our tools, And join us in our quest

Introducing Archivista, a server-side app that helps businesses securely manage their software supply chain data. Protect your supply chain and make confident, informed decisions. Visit our website or contact us to schedule a demo. testifysec.com/blog/secure-su…

Great blog post by Cole Kennedy published on TestifySec website about comparing #intoto and sigstore; you will find very niche details about them; don't forget to read it 👇 testifysec.com/blog/sigstore-…

At TestifySec, we're passionate about #softwaresecurity and #supplychainsecurity. But we're also passionate about our families. As the holiday season approaches, remember to prioritize the people who matter most. #familytime

Make sure to head over and star it today to ensure you stay updated with project updates and information. We have room for more "relationships". 😉 Join the #witness community - buff.ly/3JFu7tG #supplychain #cybersecurity #repo #github

As a seasoned Go developer our CTO, Mikhail Swift, recently explored the transformative impact of the much-awaited generics feature in Go 1.18 through a compelling use case within our Witness project. See what he learned in the full blog post: buff.ly/3S5BvmM