Billy Lynch
@wflynch
Followers: 327 | Following: 968 | Media: 14 | Statuses: 153
Software Engineer @chainguard_dev | gitsign @projectsigstore | @tektoncd | Prev: @Google
New York, NY
Joined September 2012
gittuf, a security layer for Git repositories, has joined the OpenSSF as a sandbox project housed under the Supply Chain Integrity Working Group. 🎉 gittuf stands out by implementing an array of features dedicated to enhancing security. Learn more today:
Hey NYC Friends! We're doing another @chainguard_dev happy hour this Wednesday. Details here: https://t.co/ya2pd1YUtH
chainguard.dev
Chainguard provides trusted open source artifacts for every layer of your modern software stack—containers, language libraries, and VM images.
The future of security looks bright, you don't even need a key 🚫🔑 We partnered with @projectsigstore to help you move away from traditional keys to keyless signing. Learn how to do this by adding just a few lines in a yml file:
about.gitlab.com
Our partnership with Sigstore means that with just a few lines in a yml file, GitLab customers can make their development environment more secure.
Securing your source code just got simpler. Today, @chainguard_dev announced Enforce for @github - a GitHub App for public repositories that lets you define & enforce policy for @projectsigstore -based Git signatures. https://t.co/T40hjjiqMp
chainguard.dev
Read the latest software supply chain & open source security updates, from our opinions on security technologies to research & remedies for the biggest threats.
Dive into the world of code signing and supply chain security with Billy Lynch from @chainguard_dev With years of experience at Google, Billy brings unique insights into securing our digital ecosystems. Don't miss this episode: https://t.co/ceC6todKYX
#SupplyChainSecurity
Do you know about GitSign yet from sigstore and Chainguard??? We sat down with @wflynch for an episode of the Security Repo podcast to talk about this and some other areas of supply chain security. Check it out https://t.co/QCsTFz72Im or https://t.co/aVDbozfqAL
🆕 Chainguard Academy is live 💜 📗OSS: SLSA, SBOMs, Wolfi, apko, melange, sigstore, etc 📙Edu: glossary, recommendations & more 📘PDocs: Images, Enforce, chainctl 🔗 https://t.co/Swv54UL6BA
🟣Software Self-Attestation With @lorenc_dan: Industry Perspectives Feat. CRob 🟣Learn everything you need to know about SSDF and CISA's Software Self-Attestation Form! Tomorrow 👇 https://t.co/zupF8coBuc
👉🏼 "Sigstore: Secure and Scalable Infrastructure for Signing and Verifying #software" with @wflynch, Staff Software Engineer @chainguard_dev & Zack Newman, Research Scientist @chainguard_dev: https://t.co/2aXjczUjdf
#QConNY #SoftwareConference #SoftwareDevelopment #Software
📝 Billy Lynch from @chainguard_dev challenged us to rethink our trust in signed commits in git. Through his session on Gitsign, he explored why and how we need to ensure the integrity of our code in the face of escalating supply chain security issues. 5/7
📝“Being able to sign artifacts without needing to worry about keys goes a long way to help developers secure their supply chains without needing to worry about the complexities of key management”. @wflynch
https://t.co/l8rSOqhBSD
VANCOUVER🇨🇦 #OSSSummit NA‼️ 🍁5/9 | cdCon+GitOpsCon 12:40pm: Tekton Project Summit @wflynch 4:30pm: Identity-based Source Integrity w/ Gitsign @wflynch 🍁5/10 | OpenSSF Day 12:05pm: What's New w/ SBOMs? @puerco 1:40pm: Ask the Expert: @tracymiranda
https://t.co/cqm6dO4gQL
🎙️ #cdCon + #GitOpsCon Talk 🎙️ Identity-based Source Integrity with Gitsign by @wflynch from @Chainguard_dev Tuesday, May 9 at 4:30pm PDT Add to your schedule here:
Twitter spaces crashed on us so join us here!!
✨What comes to mind when you hear SLSA?✨ Software supply chain security levels, dancing or chips? We’re here to discuss it all. 🫶 https://t.co/3gSYptPc1x
👀 We found a vulnerability in GitHub Actions that bypasses allowed Workflow settings by using commits from forked repositories. Learn more about how this works & what to watch out for 🔍 @wflynch
https://t.co/CIRVzIMKvS
What the fork? Check out this amazing research from @wflynch on bypassing security controls in @github to execute arbitrary code in CI! https://t.co/nKKSj3PLpq
chainguard.dev
Chainguard found a vulnerability in GitHub Actions that bypasses allowed Workflow settings by using commits from forked repositories. Read the report.
By popular demand, we created: ✨S/MEME✨ a substack (commit)ted to security memes…signed, sealed & delivered right to your inbox! ✅ Our 1st issue drops on 2/21 so subscribe + send us your favorite memes below. We'll be sure to feature some. 💜 https://t.co/Zg8yniSKx0