Keeper Security Protects Against Supply Chain Attacks with New Open Source Project – Biotechnolo…
EIN News – Charley Nash
Keeper Security, a leading provider of zero-trust and zero-knowledge cybersecurity software, has announced an open-source project that lets software developers and DevOps teams securely sign Git commits using their Keeper Vault.
This integration with Keeper Secrets Manager (KSM) allows users to use the SSH keys stored in their Keeper Vault to digitally sign commits, ensuring the authenticity and integrity of their code.
By removing the need to store SSH keys on disk and providing a secure and encrypted repository for them, this solution enhances security and streamlines DevOps workflows.
The rise in software supply chain attacks highlights the importance of securing that supply chain, and signing Git commits with SSH keys is a recommended best practice for confirming code authenticity.
The integration with Keeper Vault offers a layer of protection and ease-of-use that was previously not standard, simplifying a complex process into a straightforward one.
The signed commits provide cryptographic proof of authorship and contribute to securing the supply chain.
The SSH keys used for signing commits are secured within Keeper Secrets Manager (KSM), a fully managed zero-knowledge platform for securing infrastructure secrets.
KSM eliminates secrets sprawl and hard-coded credentials, promoting secure commit signing and central key management.
The integration supports a broader government and industry effort to enhance security and visibility in the open source community.
Link: https://www.einnews.com/pr_news/662398909/keeper-security-protects-against-supply-chain-attacks-with-new-open-source-project