signing | Chris Swan's Weblog

Posts Tagged ‘signing’

SLSA attestations for Docker matrix builds

28Oct25

TL;DR Supply-chain Levels for Software Artifacts (SLSA) attestations are a great way to show that you care about security, and they’re fairly trivial to add to delivery pipelines that produce a single binary or container image. But things get tricky with matrix jobs that build lots of things in parallel, as you then need to […]

Filed under: Dart, Docker, Gemini, howto | Leave a Comment
Tags: AI, ARM, artifact, attestation, CD, container, Cosign, Dart, DevOps, Docker, Gemini, GitHub Actions, image, json, matrix, security, signing, slsa

Subscribe

Default feed link

Subscribe in a reader
Search
Top Posts
Recent Posts

Pinboard.in bookmarks
Blogroll
Categories

Categories

	Chris Swan on Milo cancer diary part 20…
	Chris Swan on Milo cancer diary part 20…
	Chris Swan on USB C Charger Reviews
	Peter on USB C Charger Reviews
	“Yes, ma’am” – being… on July 2025

Posts Tagged ‘signing’

SLSA attestations for Docker matrix builds

Subscribe

Search

Top Posts

Recent Posts

Recent Comments

Pinboard.in bookmarks

Blogroll

Categories