Signed, Sealed, and Distributed

Supply chains need to securely distribute artifacts from a source to one or more destinations. Assuring the integrity is signed, sealed and delivered is a key capability.

Initiators of Supply Chain Incidents

When describing mitigations to supply chain security incidents, it helps to categorize how different incidents may be initiated. Based on the category, different mitigation strategies are more likely to be effective.

Roles and Responsibilities of Signing, SBoMs, and Security Scanners

As cloud-native development continues to automate the consumption of upstream content providers, the ability for automation to make […]

Separating Identity From Location

Adopting cloud-native development has become synonymous with consuming public content. To be productive, and not “reinvent the wheel”, […]

Artifact Services, the Case for a Generalized Package Manager

In this article I’ll offer a view for why any single new package manager isn’t a great idea, […]

Is It Time to Change How We Reference Container Images?

Every long journey begins with the first step.

Consuming Upstream Content in Your Software or Service

Developers are increasingly contributing to and consuming more upstream content. However, as every community effort has proven, risks […]

Registry Names, Namespaces, Images, Artifacts & Tags

Sailing is known for having a unique language. Why are image references so vague?

OCI Artifacts and a View of the Future

The future of OCI Artifacts: Cross Repo & Registry Signing, Catalog Search and Eventing APIs are some of the next things to come – with your help

OCI Artifact Authoring: Annotations & Config.json

When authoring OCI Artifacts, should I use Annotations or Config.json?

Steve Lasker

Category Archive: Artifacts