That's going to be interesting 👀 I missed AWS Signer

We are ready to talk about @kyverno #AWSSigner and @NotaryProject to make software supply chain even more secure by providing integrity! #notary #notation #kyverno #AWSTurkiye25 #awssigner #aws #awscommunityday #awscommunityday25 #awscommunitydayturkiye25 #awscommunitydayturkey25

🚨 CVE-2024-51491 📅 Published: 2025-01-13 🏢 Vendor: notaryproject 💾 Product: notation-go 🏗️ Affected Version: = 1.3.0-rc.1 🐛 CWE-703 🏆 Base Score: 3.3 ⚠️ Base Severity: LOW 🔗 s.mtrbio.com/dcwqcvehhk #VulnAlert #InfoSec #CyberSecurity

Join me tomorrow at the HashiTalks: Secure event, where I secure Nomad deployments with my little side project and the Notary Project 🙂 🗓️events.hashicorp.com/hashita… 📺youtube.com/watch?v=4Rx3egiX… 💾github.com/mxab/nacp #HashiCorp #Nomad #NotaryProject #OPA #DevSecOps #HashiTalks

From competitors to comrades 🤝 The power of #opensource collaborations at #KubeConEU thCUBE.net During live coverage of the #cloudnative conference we hear from @Microsoft principal product manager Toddy Mladenov, who details the cooperative efforts happening for the Notary Project, a command-line interface tool for signing and verifying images. “We can talk from Microsoft’s point of view, but we cooperate very well with #AWS, which is strange, right? Because we’re supposed to be competitors. That’s not the case. Actually both companies are using the @NotaryProject as the foundation for their supply chain security,” Mladenov explains. “Our strategy on the Microsoft side is to provide this as part of Azure,” he continues. “Ideally we don’t even want the developers to know this is happening; it should be behind the scenes. Because why do they need to go and constantly say ‘I need to sign this thing, I need to sign that thing.’ If that happens behind the scenes, everything will be signed and secured. It’ll be less friction and everybody will be happy.” 📺 Tune in now for real-time analysis, straight from the show floor. theCUBE.net #LiveNews #EnterpriseTech #CloudComputing #OpenSource @toddysm @CloudNativeFdn @KubeCon_

Image integrity on AKS with support for @NotaryProject and @projectsigstore

NEWS: Exciting updates from @NotaryProject at #KubeCon #CloudNativeCon Europe 🇫🇷 cncf.io/blog/2024/03/19/join…

We are happy to announce that Bitnami-packaged open source software container images and Helm charts available in DockerHub are now signed by Notation (@NotaryProject) notaryproject.dev/blog/2024/…

The 'You Choose!' vote is a close one, and the poll closes in just a few hours! Watch & learn & VOTE! The show: youtu.be/p4M-ZdBsA7o The vote (hosted on CNCF Slack): bit.ly/3T10Ga4 @vfarcic @CloudNativeFdn @NotaryProject @projectsigstore @OpenPolicyReg

( ᐛ ) Going live NOW!!! Why sign and verify digital artifacts? Which tool is right for you? Join us! youtu.be/p4M-ZdBsA7o @vfarcic @CloudNativeFdn @CNCFAmbassadors @NotaryProject @OpenPolicyReg @projectsigstore

Join @vfarcic & me for 'You Choose!' tomorrow (Tues Feb 13) & learn about signing artifacts using @NotaryProject, @projectsigstore, & @OpenPolicyReg ❗️ ...then VOTE for which one you'd like to see implemented in our ongoing demo! Fun! Click 'notify me': youtu.be/p4M-ZdBsA7o

📝 Notation Like checking git commit signatures but for containers A CLI project to add signatures as standard items in the OCI registry ecosystem, and to build a set of simple tooling for signing and verifying the signatures By @NotaryProject github.com/notaryproject/not…

Looking to DevSecOpsify your @HashiCorp Nomad deployments? The Nomad Admission Control Proxy learned a new trick and can leverage @NotaryProject notation lib for image validation github.com/mxab/nacp/release… #devsecops #nomad #hashicorp #notary #opa

I worked on implementing the signing of the OCI artifacts just using plain Java Bouncy Castle. No Notation CLI or more external dependencies involved, just Java 🚀 I think this is probably the first no-Golang implementation of @NotaryProject 😎

Using signing and verification plugins

Signing with AWS Signer and Notation

Features and how to use @NotaryProject Notation

Demoing the local signing workflow using @NotaryProject GitHub Action from the marketplace.

Improving the security of software supply chains with @NotaryProject @toddysm and Milind

Check out two latest episodes from @jrrickardand @toddysmto to learn how to use @NotaryProject to sign container images and ensure image integrity in production: techcommunity.microsoft.com/…