Start Signing your Commits with Gitsign

0
204
How Software Engineers Spend Their Time

Dit bericht verscheen eerder bij FOSSlife

The issue of code provenance is an industry-wide threat that needs to be addressed, says Erika Heidi. “We need additional layers of security to prove the provenance of code that is committed to a repository, especially when it comes to libraries that are used as dependencies by hundreds or thousands of other projects.”

In this post, Heidi shows how to start using keyless signing with Gitsign, noting that “signing your commits is a step you can start doing today to improve the resilience of your open source projects.”

Read more at Dev.to.

Dit bericht verscheen eerder bij FOSSlife

Vorig artikelBest Linux Distros for Security and Forensics
Volgend artikelNetApp storage goes GA for VMware Cloud on AWS