Signed, Sealed, and Distributed
Supply chains need to securely distribute artifacts from a source to one or more destinations. Assuring the integrity is signed,…
Initiators of Supply Chain Incidents
When describing mitigations to supply chain security incidents, it helps to categorize how different incidents may be initiated. Based on…
Roles and Responsibilities of Signing, SBoMs, and Security Scanners
As cloud-native development continues to automate the consumption of upstream content providers, the ability for automation to make real-time, informed…
Separating Identity From Location
Adopting cloud-native development has become synonymous with consuming public content. To be productive, and not “reinvent the wheel”, you likely…
Artifact Services, the Case for a Generalized Package Manager
In this article I’ll offer a view for why any single new package manager isn’t a great idea, but a…
Building Scalable Customer Communications with Megaphones and Funnels
Engaging customers at scale is just as difficult as building services that scale
Diversity in Tech
I trust our democratic process to do the right thing for the US election, and I believe we deserve the…
Is It Time to Change How We Reference Container Images?
Every long journey begins with the first step.
Consuming Upstream Content in Your Software or Service
Developers are increasingly contributing to and consuming more upstream content. However, as every community effort has proven, risks must be…
Sketch, Prototype, Design, Build – A model for designing complex systems.
As we embarked on Notary v2, we needed to incorporate experts from multiple backgrounds, experiences and skillsets. The various perspectives…
Registry Names, Namespaces, Images, Artifacts & Tags
Sailing is known for having a unique language. Why are image references so vague?
Azure Container Registry Adds Teleportation
Project Teleport removes the cost of download and decompression by mounting pre-expanded layers from the Azure Container Registry.
OCI Artifacts and a View of the Future
The future of OCI Artifacts: Cross Repo & Registry Signing, Catalog Search and Eventing APIs are some of the next…
OCI Artifact Authoring: Annotations & Config.json
When authoring OCI Artifacts, should I use Annotations or Config.json?
Authoring OCI Registry Artifacts – Quick Guide
Getting started guide for authoring OCI Artifacts
Cloud Native Artifact Registries evolve from Docker Container Registries
If you’ve used docker, you’ve used container registries. Registries are a defacto part of the workflow, streamlining development, deployment, and…
Choosing a Docker Container Registry
How to choose a docker registry
Steve Lasker 