Zach Steindler @steiza - Twitter Profile

about 3 years ago

Looking at push activity is so much better than individual commits. Pushes are authenticated, unlike commit author identity. Looking at pushes you can more easily verify security practices, like requiring reviews (see https://t.co/kCOHeuK2WV). Excited to see where this goes!

GitHub

@github

about 3 years ago

It's now easier to understand changes to your repositories with the new activity view. This new activity view gives you the ability to self-serve insights to your favorite repository and all of its changes. https://t.co/idXU7tXTiB

6

157

37

12

69K

1

16

3

2

4K

steiza retweeted

Python Package Index @pypi

about 3 years ago

An important update on our efforts to secure PyPI with multi-factor authentication: https://t.co/RPjnUweNP1

0

90

28

11

33K

steiza retweeted

OpenSSF @openssf

about 3 years ago

We Want to Hear from You 🔊👂➡️ Take the OpenSSF Software Security Awareness Survey https://t.co/Pb7sTZRsHh

0

4

8

0

1K

Zach Steindler @steiza

about 3 years ago

Last week was a big one for open source security: - https://t.co/YhQ2PcBUkX - https://t.co/X8gQTDEgpo - https://t.co/1HvbmkDrrK ... and yet, there's so much more to do. I'm excited to serve on the 2023 OpenSSF TAC!

OpenSSF @openssf

about 3 years ago

We're pleased to announce the 2023 Technical Advisory Council (TAC) & Security Community Individual Representative (SCIR) on the Board of the OpenSSF 🥳https://t.co/SZkSLxDeGQ

1

11

3

0

10K

0

10

3

2

2K

Who to follow

Kyle Mulka

@mulka

AI/ML, Web Apps, Python, AWS. @amazon @umich

(define (dotz n) (…))

@nathandotz

Senior vim exiting consultant at definitely not the bird place.

Andy Fowler

@andyfowler

ceo/cofounder, @nutshell. ❤️ airplanes, beagles, bicycles, and great software. https://t.co/BiQsIEQDyT

Zach Steindler @steiza

about 3 years ago

Big day for open source security! npm worked with the open source project Sigstore to put together a beta of provenance, verifiably tying npm packages back to their source code and build instructions: https://t.co/X8gQTDDIzQ

0

35

14

0

4K

steiza retweeted

OpenSSF @openssf

about 3 years ago

Today we're proud to announce the release of version 1.0 of SLSA 🎉 Supply-chain Levels for Software Artifacts is an OpenSSF project that provides specifications for software supply chain security, established by community expert consensus. #OSSecurity

openssf's tweet photo. Today we're proud to announce the release of version 1.0 of SLSA 🎉 Supply-chain Levels for Software Artifacts is an OpenSSF project that provides specifications for software supply chain security, established by community expert consensus. #OSSecurity https://t.co/rsisj3Sq8k

1

66

39

6

28K

Zach Steindler @steiza

about 3 years ago

@drunkenwood There are also aperiodic tiles, which cover a surface with a pattern, but the *pattern never repeats* https://t.co/s5EA0cmzL3

0

1

0

37

steiza retweeted

Clint Gibler

@clintgibler

over 3 years ago

🗒️ gh-sbom A gh CLI extension that outputs JSON SBOMs (in SPDX or CycloneDX format) for your GitHub repository https://t.co/DwH6M7inKG

0

17

6

4

1K

steiza retweeted

Clint Gibler

@clintgibler

over 3 years ago

✍️ Sigstore project announces general availability and v1.0 releases Two of @projectsigstore foundational projects, Fulcio and Rekor, published v1.0 releases as well @steiza on why GitHub is excited https://t.co/zB2fnLjKzH By @davelester, @rdcallaw https://t.co/fKCc98JWIb

0

4

3

0

steiza retweeted

Justin Hutchings @jhutchings0

over 3 years ago

Why is the @projectsigstore GA a big deal for developers? @steiza breaks it down for you. https://t.co/yDGdiOtZRL

0

30

17

5

0

steiza retweeted

Justin Hutchings @jhutchings0

almost 4 years ago

Really loving all the excitement about @npmjs and @projectsigstore today. Thanks @lilyhnewman for interviewing @lorenc_dan and I on it today! https://t.co/WSlRwwkrn5

0

23

4

0

steiza retweeted

sMyle (🦋 @myles.dev) @MylesBorins

almost 4 years ago

Extremely excited about this. The npm team has been collaborating with GitHub's package security team for months putting together an RFC to improve the audibility and trust of npm packages using SigStore and trusted build infrastructure https://t.co/D9IEzjPftp

3

178

50

20

0

Zach Steindler @steiza

almost 4 years ago

Want to secure your builds, in the cloud, without scattering API keys everywhere? Come see my talk in ~25 minutes: https://t.co/AV2d3bLFMx or see my slides after at https://t.co/hxbgwrctk1 #fwdcloudsec

0

2

1

0

Zach Steindler @steiza

about 4 years ago

@twbrandt Afterwards we found https://t.co/gTFvm8DOaJ

0

Zach Steindler @steiza

about 4 years ago

An exciting evening in #chelseami

1

2

0

steiza retweeted

GitHub

@github

about 4 years ago

Want to use GitHub-hosted Actions runners, but need to access resources on your private network? You’re in luck! We’ve documented 3 ways to do it ⬇️. https://t.co/muvHGrqk8k

0

64

15

7

0

Zach Steindler @steiza

about 4 years ago

@bdimcheff @akgood Yeah, you run the SSH CA, so you can have it enforce whatever requirements you'd like! Maybe you could convince @akgood to open source a serverless SSH CA that runs on GCP 👀

0

2

0

Zach Steindler @steiza

about 4 years ago

No new emoji flags, based on this post from the Unicode Emoji Subcommittee Chair (which has to be one of the best job titles I've ever heard): https://t.co/CXqPep3a24 cc @99piorg @BradyHaran @cgpgrey

0

Zach Steindler

@steiza

Who to follow

Last Seen Users on Sotwe

Trends for you

Most Popular Users