Working on 🐧 and open source software

Joined June 2007
José Miguel Parrella (JMP) retweeted
The ntp package has been replaced by ntpsec. The Debian default for the system clock is now systemd-timesyncd. We also include chrony and openntpd. #ReleasingDebianBookworm #Debian12 #Debian dlvr.it/SqTyhy
José Miguel Parrella (JMP) retweeted
20 Apr 2023
Live demoing how to use @OpenPolicyAgent Gatekeeper external data feature together with Ratify to validate license and vulnerabilities on app deployment. @jrrickard
José Miguel Parrella (JMP) retweeted
🎉🎉🎉 So excited to see this land. It's been great collaborating with @OCI_ORG on getting the specs updated to facilitate the storage and distribution of signatures, SBOMs and software supply chain security artifacts. Try it out today on ACR techcommunity.microsoft.com/…
José Miguel Parrella (JMP) retweeted
ORAS 0.15 has evolved into a fully functional OCI registry client. It provides fine-grained capabilities to alter the content of @OCI_ORG supply chain artifacts. Check out this blog by @FeynmanZhou and Yi to learn how to convert Docker image to OCI image: oras.land/blog/oras-0.15-a-f…
José Miguel Parrella (JMP) retweeted
15 Oct 2022
This MIT CS class teaches you things that all the other classes don't teach you, like... 🖥️ Shell tools and scripting 🖥️ Vim 🖥️ Data wrangling 🖥️ Command-line environment 🖥️ Version control Watch all 11 lectures for free here: bit.ly/MissSemester
José Miguel Parrella (JMP) retweeted
The @ietf has approved the #SCITT (Supply Chain Integrity Transparency and Trust) as an official working group. mailarchive.ietf.org/arch/ms… Special thanks to @eliotlear, @shingou, @rahmenwerk, @OR13b, @mprorock, @rjb4standards, @kaywilyums amongst many others.

José Miguel Parrella (JMP) retweeted
We’re super excited about bringing GitHub Advanced Security and Defender for DevOps to Azure DevOps customers! aka.ms/AAi8gek #MSIgnite
José Miguel Parrella (JMP) retweeted
My new experiment: "repro-get": reproducible apt, dnf, and apk, with content-addressing. github.com/reproducible-cont… TL;DR:
```
$ cat SHA256SUMS
35b150... pool/main/h/hello/hello_2.10-2_amd64.deb
$ repro-get install SHA256SUMS
```
Supports OCI and IPFS as blob storages.
José Miguel Parrella (JMP) retweeted
Last week Why the SBOM Frenzy Is Premature, this week Why SCA for Security is Really Hard which explains why most vulnerability data is not up to the job. eu1.hubs.ly/H01W-v30

José Miguel Parrella (JMP) retweeted
Overwhelmed by CVEs in registry images? 😱🪲 Can't figure out how a CVE got into the image? Which dependency/build step introduced it? 🐛❓ The image provenance spec enables tracing CVEs detected in registry images back to a CVE's source of origin! github.com/deislabs/image-la… 1/n
José Miguel Parrella (JMP) retweeted
This blog by @FeynmanZhou demonstrates how to copy a @OCI_ORG image from a public registry MAR to a private registry ACR, then attach SBoM and discover the reference in a tree graph. We will also share the ORAS use cases in ECR and GAR soon. Stay tuned! oras.land/blog/oras-0.14-and…
José Miguel Parrella (JMP) retweeted
Very neat: new browser plugin that shows if a repository is archived on @SWHeritage or not (if it is, you can cite it and/or use a SWHID to refer to code at a granular level: docs.softwareheritage.org/de…)
José Miguel Parrella (JMP) retweeted
SUE BIRD
well that’s peculiar
Context: left behind overnight in airplane, then spent a few nights in the terminal and now showed up here
José Miguel Parrella (JMP) retweeted
Very exciting to see @Microsoft open source their internal SBOM generation tool. Would love to hear what you think of it. devblogs.microsoft.com/engin…