Ken Muse
Understanding Certificate Authorities
For certificates to work, we need a system of trust. We need to know that each certificate is valid and was properly issued. This is the role of the certificate authorities (CAs). In the second part of this series, we’ll explore the role of CAs and how certificates are validated. We’ll also look at creating a private CA using a self-signed certificate.

Read this article

Understanding X.509 Certificates
Despite decades of use, certificates tend to be a mystery to most developers. At their root, they are largely more than a collection of name-value pairs and a public key. The majority of people that work with certificates regularly often run into situations where they need to understand the details of how they work. In this post, we’ll dive into the basics and learn what’s in these files.

Read this article

Universal Packages on GitHub With ORAS
Most package management systems support some kind of “universal artifacts” storage. Azure Artifacts supports “universal packages”, Artifactory supports “generic repositories”, and Nexus has “raw repositories”. But what about GitHub? From all appearances, it would seem this is an oversight. Although not explicitly documented, it turns out it’s fully supported.

Read this article

Creating GitHub Checks (and Understanding the Checks API)

Creating GitHub Checks (and Understanding the Checks API)

If you’ve ever wanted to integrate an external system or execute parts of the CI process asynchronously, the GitHub Checks API can provide a way to make that happen. In fact, you can even use Checks to allow two workflows to work together, no waiting or polling from the runner required. Today I’ll demonstrate how the API works and provide two workflows that demonstrate how to build a working GitHub Check.

Read this article