DevOps Articles

Curated articles, resources, tips and trends from the DevOps World.

Npm to Adopt Sigstore for Software Supply Chain Security

2 years ago thenewstack.io

Summary: This is a summary of an article originally published by The New Stack.

npm (https://www.npmjs.com/), the JavaScript package manager and default package manager for the JavaScript runtime environment Node.js (https://nodejs.org/), needs all the security help it can get. WhiteSource (https://www.whitesourcesoftware.com/), a leading open source security provider, recently claimed that npm is a hotbed of malware (https://thenewstack.io/is-npm-a-hotbed-of-malware/).

While Hutchings isn’t ordering npm to adopt the Linux Foundation and OpenSSF’s (https://openssf.org/) Sigstore (https://www.sigstore.dev/) for signing source code, he strongly encourages it.

Specifically, Hutchings explained, they’re opening an RFC (https://github.com/npm/rfcs/pull/626), which discusses linking a package with its source repository and its build environment.

Instead, by adding support for npm package end-to-end signing with Sigstore, the process is automated.
