<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Security on</title><link>https://deploy-preview-3176--ornate-narwhal-088216.netlify.app/tags/security/</link><description>Recent content in Security on</description><generator>Hugo -- gohugo.io</generator><language>en-US</language><lastBuildDate>Tue, 23 Dec 2025 15:04:05 +0100</lastBuildDate><atom:link href="https://deploy-preview-3176--ornate-narwhal-088216.netlify.app/tags/security/index.xml" rel="self" type="application/rss+xml"/><item><title>Octo STS Overview</title><link>https://deploy-preview-3176--ornate-narwhal-088216.netlify.app/open-source/octo-sts/overview/</link><pubDate>Tue, 23 Dec 2025 15:04:05 +0100</pubDate><guid>https://deploy-preview-3176--ornate-narwhal-088216.netlify.app/open-source/octo-sts/overview/</guid><description>Octo STS is a GitHub App developed by Chainguard that acts as a Security Token Service (STS) for the GitHub API. It enables workloads running anywhere that can produce OIDC tokens to federate with GitHub, exchanging those tokens for short-lived GitHub access tokens. The primary goal is to eliminate the need for GitHub Personal Access Tokens (PATs), which are long-lived credentials that pose significant security risks.
Why Octo STS Matters
Long-lived access tokens are a common target in security incidents.</description></item><item><title>What is the Chainguard Factory?</title><link>https://deploy-preview-3176--ornate-narwhal-088216.netlify.app/chainguard/factory/what-is-factory/</link><pubDate>Sat, 02 Aug 2025 16:00:00 +0000</pubDate><guid>https://deploy-preview-3176--ornate-narwhal-088216.netlify.app/chainguard/factory/what-is-factory/</guid><description>Transcript
Interviewer: So Dustin, can you explain what the Chainguard Factory is?
Dustin Kirkland: Yeah, so the Chainguard Factory is the automation that&amp;rsquo;s at the heart of what we do here at Chainguard. Essentially, we have this build system that&amp;rsquo;s constantly monitoring over 10,000 open source projects, and the moment that any upstream maintainer tags a new release, our automation springs into action—fetching that source code, checking the checksums, applying our build rules, rebuilding and recompiling that software, retesting that software at the package and unit level.</description></item><item><title>Understanding FIPS</title><link>https://deploy-preview-3176--ornate-narwhal-088216.netlify.app/chainguard/fips/understanding-fips/</link><pubDate>Thu, 16 Oct 2025 08:00:00 +0000</pubDate><guid>https://deploy-preview-3176--ornate-narwhal-088216.netlify.app/chainguard/fips/understanding-fips/</guid><description>What is FIPS?
Federal Information Processing Standards (FIPS) are publicly announced standards developed by the National Institute of Standards and Technology (NIST) in accordance with the Federal Information Security Management Act (FISMA) and approved by the U.S. Secretary of Commerce.
FIPS is a U.S. federal standard that establishes requirements for cryptographic security in federal government systems. While FIPS originates from U.S. federal requirements, many organizations globally adopt FIPS validation as a recognized security benchmark, particularly when working with U.</description></item></channel></rss>