Intelligent Sorbet's Highlights on 'New Chainguard Academy tutorial: Cosign the Manual Way'

OAPR on Twitter

twitter.com/AneriesPR/status/1651144419393908737

Apr 26, 2023

Amazon.fr - Les Amateurs: Les coulisses d'un quinquennat - Aphatie, Jean-Michel - Livres

www.amazon.fr/Amateurs-coulisses-dun-quinquennat/dp/2080257420/ref=sr_1_1?__mk_fr_FR=%C3%85M%C3%85%C5%BD%C3%95%C3%91&crid=5C88BD09POR0&keywords=jean+michel+aphatie&qid=1682237869&sprefix=jean+michel+aphatie%2Caps%2C69&sr=8-1

Apr 23, 2023

SLSA v1.0 is now final!

slsa.dev/blog/2023/04/slsa-v1-final

Apr 20, 2023

Exposure Management and External Security Posture Management with Patrowl

patrowl.io/patrowl/

Apr 16, 2023

salrashid123/google_id_token: Authenticating using Google OpenID Connect Tokens

github.com/salrashid123/google_id_token

Apr 15, 2023

Bootstrapping Trust Part 1

blog.openziti.io/bootstrapping-trust-part-1-encryption-everywhere

zero trust

Apr 15, 2023

Protecting programmatic access to user data with Binary Authorization for Borg

security.googleblog.com/2019/12/protecting-programmatic-access-to-user.html

Apr 10, 2023

Provenance

slsa.dev/provenance/v1

Apr 10, 2023

Introducing SLSA 1.0: Securing the Code You Import & Build

www.activestate.com/blog/introducing-slsa-1-0-securing-the-code-you-import-build/

Apr 10, 2023

SBOM + SLSA: Accelerating SBOM success with the help of SLSA

slsa.dev/blog/2022/05/slsa-sbom

SLSA

Apr 9, 2023

Bolt-on definition and meaning | Collins English Dictionary

www.collinsdictionary.com/dictionary/english/bolt-on

Apr 9, 2023

Figure Out Who's Lurking in Your Supply Chain With Signatures and Attestations

www.kusari.dev/blog/whos-lurking-in-your-supply-chain/

Apr 7, 2023

111

The Breadth and Depth of SLSA

slsa.dev/blog/2023/04/the-breadth-and-depth-of-slsa

Apr 3, 2023

The for_each Meta-Argument - Configuration Language | Terraform | HashiCorp Developer

developer.hashicorp.com/terraform/language/meta-arguments/for_each

Apr 2, 2023

The count Meta-Argument - Configuration Language | Terraform | HashiCorp Developer

developer.hashicorp.com/terraform/language/meta-arguments/count

Apr 2, 2023

Everything you should know about certificates and PKI but are too afraid to ask

smallstep.com/blog/everything-pki/

pca

Apr 2, 2023

Les correspondantes de «Libération» et du «Monde» au Burkina Faso expulsées : une décision arbitraire et injustifiée

www.liberation.fr/international/afrique/les-correspondantes-de-liberation-et-du-monde-au-burkina-faso-expulsees-une-decision-arbitraire-et-injustifiee-20230402_TIP2MKTYGRA3BMIJUAPFCDXDVM/

Actu

hard

Apr 2, 2023

Accusations de harcèlement : l’avocat Emmanuel Pierrat jugé en appel

www.liberation.fr/societe/police-justice/accusations-de-harcelement-lavocat-emmanuel-pierrat-juge-en-appel-20230119_TU25OR6JQZFNLBDGB3R5GKXAXQ/

Apr 1, 2023

New Chainguard Academy tutorial: Cosign the Manual Way

www.chainguard.dev/unchained/new-chainguard-academy-tutorial-cosign-the-manual-way

Mar 30, 2023

Applying Zero Trust to the Software Supply Chain

www.kusari.dev/blog/applying-zero-trust-to-the-software-supply-chain/

Mar 29, 2023

Kusari's Software Supply Chain Security Overview

www.kusari.dev/blog/supply-chain-security-overview/

Mar 29, 2023

The Entity Attestation Token (EAT)

www.ietf.org/archive/id/draft-ietf-rats-eat-11.html

Mar 25, 2023

Understanding Toil in Google Cloud Platform

medium.com/@med.wael.thabet/understanding-toil-in-google-cloud-platform-e2ce307c0583

Mar 15, 2023

SPIFFE | SPIFFE Concepts

spiffe.io/docs/latest/spiffe-about/spiffe-concepts/

Mar 12, 2023

Threats and mitigations

slsa.dev/spec/v1.0-rc1/threats

Feb 28, 2023

Security levels

slsa.dev/spec/v1.0-rc1/levels

Feb 28, 2023

Announcing SLSA v1.0 Release Candidate

slsa.dev/blog/2023/02/slsa-v1-rc

Feb 27, 2023

Provenance

slsa.dev/provenance/v1-rc1

Feb 27, 2023

increasingly adverb - Definition, pictures, pronunciation and usage notes | Oxford Advanced Learner's Dictionary at OxfordLearnersDictionaries.com

www.oxfordlearnersdictionaries.com/definition/english/increasingly?q=increasingly

Feb 27, 2023

Verifying Artifacts

slsa.dev/spec/v1.0-rc1/verifying-artifacts

Feb 27, 2023

Verifying Build Systems

slsa.dev/spec/v1.0-rc1/verifying-systems

Feb 27, 2023

Producing artifacts

slsa.dev/spec/v1.0-rc1/requirements

Feb 26, 2023

unambiguously adverb - Definition, pictures, pronunciation and usage notes | Oxford Advanced Learner's Dictionary at OxfordLearnersDictionaries.com

www.oxfordlearnersdictionaries.com/definition/english/unambiguously?q=unambiguously

Feb 26, 2023

Terminology

slsa.dev/spec/v1.0-rc1/terminology

Feb 26, 2023

Guiding principles

slsa.dev/spec/v1.0-rc1/principles

Feb 26, 2023

Adopting Sigstore Incrementally - Sigstore Blog

blog.sigstore.dev/adopting-sigstore-incrementally-1b56a69b8c15/

Feb 26, 2023

Cosign 2.0 Released! - Sigstore Blog

blog.sigstore.dev/cosign-2-0-released/

Feb 26, 2023

Policy and Attestations

dlorenc.medium.com/policy-and-attestations-89650fd6f4fa

Feb 21, 2023

Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor | Mandiant

www.mandiant.com/resources/blog/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor

Feb 21, 2023

SUNSPOT Malware: A Technical Analysis | CrowdStrike

www.crowdstrike.com/blog/sunspot-malware-technical-analysis/

Feb 21, 2023

Retour sur l’affaire des « patchs hypocrites » de l’Université du Minnesota - LinuxFr.org

linuxfr.org/news/retour-sur-l-affaire-des-patchs-hypocrites-de-l-universite-du-minnesota

Feb 21, 2023

Report on University of Minnesota Breach-of-Trust Incident - Kees Cook

lore.kernel.org/lkml/202105051005.49BFABCE@keescook/

Feb 21, 2023

Reusing workflows - GitHub Docs

docs.github.com/en/actions/using-workflows/reusing-workflows

Feb 18, 2023

slsa-framework/slsa-github-generator: Language-agnostic SLSA provenance generation for Github Actions

github.com/slsa-framework/slsa-github-generator

Feb 18, 2023

Verify Images

kyverno.io/docs/writing-policies/verify-images/

Feb 16, 2023

slsa-github-generator/SPECIFICATIONS.md at main · slsa-framework/slsa-github-generator

github.com/slsa-framework/slsa-github-generator/blob/main/SPECIFICATIONS.md

Feb 15, 2023

slsa-github-generator/README.md at main · slsa-framework/slsa-github-generator

github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md

Feb 15, 2023

cosign/specs at main · sigstore/cosign

github.com/sigstore/cosign/blob/main/specs/ATTESTATION_SPEC.md

Feb 15, 2023

OAPR on Twitter

Amazon.fr - Les Amateurs: Les coulisses d'un quinquennat - Aphatie, Jean-Michel - Livres

SLSA v1.0 is now final!

Exposure Management and External Security Posture Management with Patrowl

salrashid123/google_id_token: Authenticating using Google OpenID Connect Tokens

Bootstrapping Trust Part 1

Protecting programmatic access to user data with Binary Authorization for Borg

Provenance

Introducing SLSA 1.0: Securing the Code You Import & Build

SBOM + SLSA: Accelerating SBOM success with the help of SLSA

Bolt-on definition and meaning | Collins English Dictionary

Figure Out Who's Lurking in Your Supply Chain With Signatures and Attestations

The Breadth and Depth of SLSA

The for_each Meta-Argument - Configuration Language | Terraform | HashiCorp Developer

The count Meta-Argument - Configuration Language | Terraform | HashiCorp Developer

Everything you should know about certificates and PKI but are too afraid to ask

Les correspondantes de «Libération» et du «Monde» au Burkina Faso expulsées : une décision arbitraire et injustifiée

Accusations de harcèlement : l’avocat Emmanuel Pierrat jugé en appel

New Chainguard Academy tutorial: Cosign the Manual Way

Applying Zero Trust to the Software Supply Chain

Kusari's Software Supply Chain Security Overview

The Entity Attestation Token (EAT)

Understanding Toil in Google Cloud Platform

SPIFFE | SPIFFE Concepts

Threats and mitigations

Security levels

Announcing SLSA v1.0 Release Candidate

Provenance

increasingly adverb - Definition, pictures, pronunciation and usage notes | Oxford Advanced Learner's Dictionary at OxfordLearnersDictionaries.com

Verifying Artifacts

Verifying Build Systems

Producing artifacts

unambiguously adverb - Definition, pictures, pronunciation and usage notes | Oxford Advanced Learner's Dictionary at OxfordLearnersDictionaries.com

Terminology

Guiding principles

Adopting Sigstore Incrementally - Sigstore Blog

Cosign 2.0 Released! - Sigstore Blog

Policy and Attestations

Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor | Mandiant

SUNSPOT Malware: A Technical Analysis | CrowdStrike

Retour sur l’affaire des « patchs hypocrites » de l’Université du Minnesota - LinuxFr.org

Report on University of Minnesota Breach-of-Trust Incident - Kees Cook

Reusing workflows - GitHub Docs

slsa-framework/slsa-github-generator: Language-agnostic SLSA provenance generation for Github Actions

Verify Images

slsa-github-generator/SPECIFICATIONS.md at main · slsa-framework/slsa-github-generator

slsa-github-generator/README.md at main · slsa-framework/slsa-github-generator

cosign/specs at main · sigstore/cosign

Retour sur l’affaire des « patchs hypocrites » de l’Université du Minnesota - LinuxFr.org