Reference workflows, scripts, and templates for hardening CI/CD pipelines with Sigstore, SLSA, and SBOMs.
Updated Mar 14, 2026 - Shell
Enterprise-grade AWS infrastructure deployed with Terraform: ECS Fargate, Multi-AZ RDS PostgreSQL, Application Load Balancer, WAF security, Route53 DNS. Full DevSecOps pipeline with 6 security scanners, container signing, SBOM generation, and Infracost integration.
Example of using Sigstore/Cosign to secure Helm chart supply chain
This project includes containerization, Kubernetes deployment, Helm chart management, security policy enforcement, image signing, monitoring setup, and CI/CD pipeline automation.
A GitHub Actions pipeline that builds safer containers
pwrApp - Dash application for mcce
This is the main Git repo
FastAPI fraud detection API demonstrating a verifiable container supply chain with Cosign signing, SBOM generation, and hardened Distroless Docker runtime.
Docker image for Cosign using Alpine Linux as the base image.
A Sigstore KMS plugin for Alibaba Cloud KMS
Production-like DevSecOps platform on local Kubernetes (k3d, 3 clusters): GitOps, progressive delivery, policy-as-code, secure supply chain, Vault/ESO secrets, Step-CA PKI, and SLO-driven observability.
Demo for my talk on Developer Experience (DX)
☕ Streamline JVM workloads with hardened OCI images preinstalled with Temurin JDK 25 and JDK 26, ensuring security and performance for your applications.
AWS Pipelines utilizing Cosign to sign and verify containerized images.