As a seasoned Go developer our CTO, Mikhail Swift, recently explored the transformative impact of the much-awaited generics feature in Go 1.18 through a compelling use case within our Witness project. See what he learned in the full blog post: buff.ly/3S5BvmM

Make sure to head over and star it today to ensure you stay updated with project updates and information. We have room for more 'relationships'. 😉

Join the #witness community - buff.ly/3JFu7tG

#supplychain #cybersecurity #repo #github

Nice intro to attestations and Witness from Cole Kennedy at TestifySec testifysec.com/blog/attestati…

At TestifySec, we're passionate about #softwaresecurity and #supplychainsecurity . But we're also passionate about our families. As the holiday season approaches, remember to prioritize the people who matter most. #familytime

Great blog post by Cole Kennedy published on TestifySec website about comparing #intoto and sigstore; you will find very niche details about them; don't forget to read it 👇
testifysec.com/blog/sigstore-…

Introducing Archivista, a server-side app that helps businesses securely manage their software supply chain data. Protect your supply chain and make confident, informed decisions. Visit our website or contact us to schedule a demo.

testifysec.com/blog/secure-su…

In the land of TestifySec,
Our products do protect,
Witness and Archivista,
Together a perfect pair,
To help secure your software,
From source to production fair,
And Judge to enforce the rules,
With policies that we can share,
So come and try our tools,
And join us in our quest

At @TestifySec we know that getting compromised can seriously affect organizations. That's why we're dedicated to securing the software supply chain and ensuring the integrity of the software being developed. Don't let your software become a vulnerability - trust TestifySec.

There needs to be more clarity in the Software Supply Chain Security space

In our latest blog article, We talk about the differences between in-toto and sigstore, and when it is appropriate to use each.

testifysec.com/blog/sigstore-…

In-toto vs. sigstore: what are they and how do they differ? 🧵 👇 sigstore Santiago #intoto

Amazing.

You can now generate in-toto metadata via a GitHub action, thanks to Cole Kennedy's work at Kubecon_'s in-toto + TUF + sigstore ContribFest! github.com/marketplace/ac…

Petition to start calling these GUESSBOMs! 💣💣💣

We just landed initial Witness support for GitHub.

This uses a preview build of Witness with #Archivist support.

A GitHub attestor, and Keyless signing should drop before Kubecon. Let me know if you give it a whirl.

github.com/testifysec/wit…

Have you ever wondered how to inventory all the dependencies in a software build?

In this talk, I will showcase how end users can create and use #BPF traces to minimize #CVE false positives and negatives with Witness and Cilium #tetragon

sched.co/1AOie

We are working on making supply chain security and compliance easy. Learn more at witness.dev Witness

preview of our backend for Witness. Amazing work by @mikhailswift/🦄 Frederick Kautz (Emeritus KubeCon Co-Chair)

We had a user post an issue that hit an edge case we didn't test for. Our team fixed the issue the next business day, along with unit and integration tests. I couldn't be more proud of our engineering team led by @mikhailswift

I started adding support for the SPIRE delegated identity API to Witness today. This lets us sign attestations based on the shasum of the CI command being run. Great work on this powerful API SPIFFE team!

We use SPIFFE as a way to distribute trust, using remote attestation in our Judge platform. However, we don't expect our users to understand Spire, and spire registrations. We are making great progress on federating SPIRE and making registration easy.
asciinema.org/a/ieVRO9nQ3AZx…