Hacker, cooker, hiker

Joined December 2008
31 May 2023
Looking at push activity is so much better than individual commits. Pushes are authenticated, unlike commit author identity. Looking at pushes you can more easily verify security practices, like requiring reviews (see slsa.dev/spec/v1.0/future-di…). Excited to see where this goes!
31 May 2023
It's now easier to understand changes to your repositories with the new activity view. This new activity view gives you the ability to self-serve insights to your favorite repository and all of its changes. github.blog/changelog/2023-0…
Zach Steindler retweeted
17 May 2023
We Want to Hear from You 🔊👂➡️ Take the OpenSSF Software Security Awareness Survey openssf.org/blog/2023/05/17/…
26 Apr 2023
Last week was a big one for open source security:
- slsa.dev/blog/2023/04/slsa-v…
- github.blog/2023-04-19-intro…
- blog.pypi.org/posts/2023-04-…
... and yet, there's so much more to do. I'm excited to serve on the 2023 OpenSSF TAC!
26 Apr 2023
We're pleased to announce the 2023 Technical Advisory Council (TAC) & Security Community Individual Representative (SCIR) on the Board of the OpenSSF 🥳openssf.org/blog/2023/04/26/…
19 Apr 2023
Big day for open source security! npm worked with the open source project Sigstore to put together a beta of provenance, verifiably tying npm packages back to their source code and build instructions: github.blog/2023-04-19-intro…
Zach Steindler retweeted
19 Apr 2023
Today we're proud to announce the release of version 1.0 of SLSA 🎉 Supply-chain Levels for Software Artifacts is an OpenSSF project that provides specifications for software supply chain security, established by community expert consensus. #OSSecurity
Zach Steindler retweeted
🗒️ gh-sbom A gh CLI extension that outputs JSON SBOMs (in SPDX or CycloneDX format) for your GitHub repository github.com/advanced-security…
Zach Steindler retweeted
Really loving all the excitement about @npmjs and @projectsigstore today. Thanks @lilyhnewman for interviewing @lorenc_dan and me on it today! wired.com/story/github-code-…
Zach Steindler retweeted
Extremely excited about this. The npm team has been collaborating with GitHub's package security team for months putting together an RFC to improve the auditability and trust of npm packages using SigStore and trusted build infrastructure github.blog/2022-08-08-new-r…
25 Jul 2022
Want to secure your builds, in the cloud, without scattering API keys everywhere? Come see my talk in ~25 minutes: youtube.com/watch?v=YHZdkpya… or see my slides after at coffeehousecoders.org/blog/c… #fwdcloudsec
10 Jun 2022
An exciting evening in #chelseami
10 Jun 2022
Video description: twin flames shoot up above the treeline on the horizon, sounds like a roaring jet engine
Zach Steindler retweeted
1 Jun 2022
Want to use GitHub-hosted Actions runners, but need to access resources on your private network? You’re in luck! We’ve documented 3 ways to do it ⬇️. github.co/3NbDkJE
29 Mar 2022
No new emoji flags, based on this post from the Unicode Emoji Subcommittee Chair (which has to be one of the best job titles I've ever heard): blog.unicode.org/2022/03/the… cc @99piorg @BradyHaran @cgpgrey
28 Mar 2022
This was a fun collaboration with the GitHub Docs team! Let us know what other security topics you'd like to see guides for.
28 Mar 2022
Our latest guide walks you through securing your software supply chain end-to-end, and gives you tips on how to get started on your security journey 🛣️ github.blog/2022-03-28-how-t…
Zach Steindler retweeted
New parliament 1.5.0 release. Checks added for:
- Single value condition too permissive (confusing IAM detail of ForAllValues), 🙏 patrobinson. See docs.aws.amazon.com/IAM/late…
- Resource effectively *. 🙏 raghavkaul
github.com/duo-labs/parliame…