Stories by colek42

Show HN: CI/lock – supply-chain attestation CLI, from the Witness creators

Anthropic vs. DoD: "Any lawful use" is a fight about control

Shifting 'Shift Left' and What We Can Learn from Uber

Shifting 'Shift Left' and What We Can Learn from Uber

How to Shift Compliance Left – A Letter to Developers

Shifting Compliance Left – A Letter to Compliance Teams

Building an Effective Enterprise Software Supply Chain Policy

Witness is a pluggable framework digital attestation

Keyless Signing of Digital Attestations with Witness and SigStore

Keyless Signing with Witness and SigStore

Comparing In-Toto and Sigstore: Two Approaches to Software Supply Chain Security

2019 – USENIX – in-toto: Providing farm-to-table guarantees for bits and bytes

Automating Compliance – Why the SBOM Falls Short

What Is a Software Supply Chain Attestation?

Fpx: Easy USB‑C power for all your devices

What Is the SSDF – and What Does It Mean for My Software Supply Chain Compliance

What Is a Software Supply Chain Attestation

Tool that emulates the SolarWinds CI compromise attack vector

What is an SBOM, and why should you care?