📯 As one of the fans of the both @GoReleaser and #ko projects, I'm super excited to see that #ko support has been finally landed on #GoReleaser! 🥳
😏 Yep, you heard that right! That means you can build your @OCI_ORG images with #ko while still using #GoReleaser!
✍️ You can even sign the images you built with #ko using #cosign support in …
📯🥳 My newest article was published on Falco blog!
🔥 We noticed that @gitlab's Container Registry has limited support for @OCI_ORG Artifacts!
🌟 We added #falcoctl mediaTypes to GitLab's Container Registry, which makes it compatible with push/pull to #Falco rules and plugins!
We installed #wolfictl on #melange lima-vm to make it easier for you to work on packages while making your contributions✨
I've upgraded the lima Vm to alpine 3.18 in template. You can still use twitter.com/hashtag/mel… in your Apple device No worries, the both architectures are supported twitter.com/hashtag/amd…$ limactl start melange-playground.yaml
There is a tool called wolfictl that facilitates adding/updating packages to Wolfi OS!
If you are willing to add or update packages in twitter.com/hashtag/Wol…, this is one of your go-to tools ☝️
I'm super glad to see that two of the great projects #falcoctl and #paranoia now signed by another awesome project by @projectsigstore ✍️#cosign and made 💃#SLSA provenance available, thanks to @JamesLaverack and Luca Guerra! 🚀
The v1.6.0 version of the "slsa-github-generator" project provided by the #SLSA community was released a day ago which means that all my PRs are now ready to use🥳🍹
Thanks to @lsim99 @AsraEntr0py @IanMLewis for helping me🫶
Here is the full CHANGELOG!🚀
One of the important specifications of the software supply chain security era is no doubt 💃#SLSA and finally, it reached the v1.0 release 🚀 So, the tools that already generate SLSA provenance have to adopt that v1.0 release💡Here is the tracking issue✅
🚨HOT OF THE PRESS: A new episode of my newsletter has just been published on @SubstackInc!
⛓in-toto and SLSA•🐙Wolfi OS Package Updates•🐳Docker Builds and Multi-platform• ❌🔑Keyless Signing for GitLab•💃SLSA v1.0 Release•🚨CNCF SLSA Assessments
🚀I made two live streams on YouTube recently, one is at Docker Istanbul about #Docker #BuildKit and another is at Cloud Native Turkiye about #FluxCD's #OCI and #cosign support! Great chance to practice in Turkish 😆
We (w/ Furkan Türkal) were added K8sgpt to package managers NixOS and WolfiOS 🥳
✅
Generating the provenance for builds is one of the critical ways to trace the software back to its source and hardware and signing this metadata (attestation) proves the integrity! Great news, the deps.dev started to show💃#SLSA provenance info for npm packages!
The Kubernetes SIG Release Team made a significantly important task they started signing container images from v1.24 #Stargazer and it continued with signing artifacts with v1.26 #Electrifying! You can use Kyverno to verify control plane images signatures🥳
In case you missed this talk, I highly encourage you to watch it on demand! You will be enjoying it! Flux CD is one of the first communities that use the power of OCI specs to streamline continuous delivery! I'm glad to be part of this by writing blog posts about that!
