Joined July 2021
- Tweets 73
- Following 39
- Followers 141
- Likes 81
20 Photos and videos
24 Oct 2023
As a seasoned Go developer our CTO, Mikhail Swift, recently explored the transformative impact of the much-awaited generics feature in Go 1.18 through a compelling use case within our Witness project. See what he learned in the full blog post: buff.ly/3S5BvmM
246
21 Aug 2023
Make sure to head over and star it today to ensure you stay updated with project updates and information. We have room for more "relationships". 😉
Join the #witness community - buff.ly/3JFu7tG
#supplychain #cybersecurity #repo #github
1
246
8 Dec 2022
At TestifySec, we're passionate about #softwaresecurity and #supplychainsecurity. But we're also passionate about our families. As the holiday season approaches, remember to prioritize the people who matter most. #familytime
1
2
TestifySec retweeted
7 Dec 2022
Great blog post by @colek42c published on @testifysec website about comparing #intoto and @projectsigstore; you will find very niche details about them; don't forget to read it 👇
testifysec.com/blog/sigstore…
2
6
6 Dec 2022
Introducing Archivista, a server-side app that helps businesses securely manage their software supply chain data. Protect your supply chain and make confident, informed decisions. Visit our website or contact us to schedule a demo.
testifysec.com/blog/secure-s…
1
6 Dec 2022
In the land of TestifySec,
Our products do protect,
Witness and Archivista,
Together a perfect pair,
To help secure your software,
From source to production fair,
And Judge to enforce the rules,
With policies that we can share,
So come and try our tools,
And join us in our quest
1
5 Dec 2022
At @TestifySec we know that getting compromised can seriously affect organizations. That's why we're dedicated to securing the software supply chain and ensuring the integrity of the software being developed. Don't let your software become a vulnerability - trust TestifySec.
1
1
2 Dec 2022
There needs to be more clarity in the Software Supply Chain Security space
In our latest blog article, We talk about the differences between in-toto and @projectsigstore, and when it is appropriate to use each.
testifysec.com/blog/sigstore…
1
1
TestifySec retweeted
2 Dec 2022
In-toto vs. sigstore: what are they and how do they differ? 🧵 👇 @projectsigstore @torresariass #intoto
1
4
12
TestifySec retweeted
31 Oct 2022
You can now generate in-toto metadata via a GitHub action, thanks to @colek42c's work at @KubeCon_'s in-toto TUF @projectsigstore ContribFest! github.com/marketplace/actio…
1
9
TestifySec retweeted
26 Sep 2022
Petition to start calling these GUESSBOMs! 💣💣💣
26 Sep 2022
One under-appreciated problem with software bill-of-materials (SBOM) is that SBOMs that are recreated after build time - e.g. by software composition analysis [SCA] tools - are typically incomplete and have to make a best guess of the 'ingredients' of the software artifacts.
2
6
29
TestifySec retweeted
15 Sep 2022
We just landed initial @witness_dev support for @github.
This uses a preview build of Witness with #Archivist support.
A GitHub attestor, and Keyless signing should drop before Kubecon. Let me know if you give it a whirl.
github.com/testifysec/witnes…
2
3
TestifySec retweeted
6 Sep 2022
Have you ever wondered how to inventory all the dependencies in a software build?
In this talk, I will showcase how end users can create and use #BPF traces to minimize #CVE false positives and negatives with @witness_dev and @ciliumproject #tetragon
sched.co/1AOie
4
9
12 Aug 2022
We are working on making supply chain security and compliance easy. Learn more at witness.dev @witness_dev
2
5
TestifySec retweeted
2 Aug 2022
2
5
TestifySec retweeted
1 Aug 2022
We had a user post an issue that hit an edge case we didn't test for. Our team fixed the issue the next business day, along with unit and integration tests. I couldn't be more proud of our engineering team led by @mikhailswift
1
1
TestifySec retweeted
21 Jul 2022
I started adding support for the SPIRE delegated identity API to @witness_dev today. This lets us sign attestations based on the shasum of the CI command being run. Great work on this powerful API @SPIFFEio team!
5
26
TestifySec retweeted
20 Jul 2022
We use @SPIFFEio as a way to distribute trust, using remote attestation in our Judge platform. However, we don't expect our users to understand Spire, and spire registrations. We are making great progress on federating SPIRE and making registration easy.
asciinema.org/a/ieVRO9nQ3AZx…
1
8
20