tutorials

Stay Calm and SLSA: Generating SLSA Provenance for Your Artifacts with GoReleaser and slsa-github-generator

In an age where software is at the heart of nearly every aspect of our lives, software supply chain security has become paramount. It involves a series of measures and practices aimed at ensuring the reliability and safety of the software we use daily. As cyber threats continue to evolve, the need for robust software supply chain security has never been greater. Organizations must take steps to protect their software development and distribution processes from potential vulnerabilities and attacks.

Fast and Furious Building OCI compatible Container Images with GoReleaser and ko

GoReleaser and ko are popular, well-recognized open-source projects, especially in the containerization ecosystem for Go applications. Many people use them for their Go projects because they are straightforward, CI-friendly tools that make releasing artifacts (binaries and container images) elegant, which lets you focus on developing business logic rather than on planning how to release your software.

GoReleaser And Software Supply Chain Security

Before talking about the security of software supply chains, we should first clarify what a software supply chain is. In the most basic terms, a software supply chain is anything that is needed to deliver your product, including all the components you use: your codebase, packages and libraries, your CI/CD pipeline, the third-party services you depend on, and anything else that goes into or affects your code from development until it is deployed into production systems.