Google revealed that it has been working with GitHub to create a forgery-proof method for signing source code as part of an ongoing effort to better secure software supply chains.
Bob Callaway, technology lead for open source software supply chain security at Google, said a prototype of this method, written in the Go programming language, generates non-forgeable provenance using GitHub Actions workflows for isolation and code signing tools for authenticity provided by Sigstore. Projects that make use of GitHub runners to run jobs can now achieve the third level of security as defined by the supply chain levels for software artifacts (SLSA) framework to assure software artifacts are authentic and trustworthy, he said.
The reusable workflow also protects against interference from maintainers who could otherwise try to define the workflow in a way that interferes with the builder. The only way to interact with a reusable workflow is through the input parameters it exposes to the calling workflow, which prevents maintainers from altering information via variables, steps, services and defaults.
“The goal is not only to ensure the provenance of individual software artifacts but also to make it possible to identify which build system was employed to create that artifact,” said Callaway. In addition to working with GitHub, Callaway added that Google expects to apply this method to securing other build systems that organizations use to construct applications.
Overall, Callaway said, “Google is also working toward embedding security functions with DevOps platforms to ensure the integrity of software supply chains and educate developers on how to build more secure software.”
To protect against the possibility of one job tampering with artifacts used by another job, Google’s method creates a trusted channel. Job outputs send hashes that are then used to verify the binary received via the untrusted artifact registry. The OpenID Connect (OIDC) protocol, which GitHub just opted to support, is then used to prove the identity of the workflow to an external service, such as Sigstore, by attaching a unique JSON web token (JWT) to each runner. The token contains verifiable information about workflow identity, such as the caller repository, commit hash, trigger and the current workflow path and reference.
That makes it possible for the workflow to prove its identity to the Fulcio root certificate authority provided by Sigstore. Fulcio signs a short-lived certificate attesting to an ephemeral signing key generated in the runner. A record of that signing is kept in Sigstore’s transparency log Rekor. Users can then rely on the signing certificates to verify provenance in a way that is authenticated and non-forgeable. That approach means maintainers don’t need to manage or distribute cryptographic keys for signing, which until now have made it challenging to manage code signing at scale, Callaway noted.
In the wake of a series of high-profile security breaches involving open source software, Google and others have significantly increased the resources being applied to secure both open source and proprietary software within a set of DevSecOps best practices. It may be a while before developers pervasively employ the benefits of that effort, but it’s clear that substantial progress is being made involving everything from the tools developers use to the build systems managed by DevOps teams.
Microsoft Dynamics 365 represents a robust cloud-based CRM solution with features such as pipeline assessment, relationship analytics, and conversational intelligence. It utilises AI-powered insights to provide actionable intelligence via predictive analytics, lead scoring, sentiment analysis, etc. Currently, Microsoft operates in 190 countries and is made up of more than 220,000 employees worldwide.
HubSpot is an inbound marketing, sales, and customer service software provider, offering robust CRM and automation solutions. Some of its products include Marketing Hub, Sales Hub, Operations Hub, Content Hub, Commerce Hub, Marketing Analytics and Dashboard Software. Guided by its inbound methodology, HubSpot enables companies to prioritise innovation and customer success.
Monday.com is a project management software company, offering a cloud-based platform that enables businesses 
Headquartered in San Mateo, California, Freshworks is a global AI-powered business software provider. Its tech stack includes a scalable and comprehensive suite for IT, customer support, sales, and marketing teams, ensuring value for immediate business impact. Its product portfolio includes Customer Service Suite, Freshdesk, Freshchat, Freshcaller, Freshsuccess, and Freshservice. Freshservice for Business Teams has helped several global organisations to enhance their operational efficiency.
Talkdesk offers an innovative AI-powered customer-centric tech stack to its global partners. The company provides generative AI integrations, delivering industry-specific solutions to its customers. Talkdesk CX Cloud and Industry Experience Clouds utilise modern machine learning and language models to enhance contact centre efficiency and client satisfaction.
The company offers comprehensive cloud-based solutions, such as Microsoft Dynamics 365, Gaming Consoles, Microsoft Advertising, Copilot, among other things, to help organisations offer enhanced CX and ROI. Its generative-AI-powered speech and voice recognition solutions,such as Cortana and Azure Speech Services empowers developers to build intelligent applications.
IBM is a global hybrid cloud and AI-powered 
Uniphore is an enterprise-class, AI-native company that was incubated in 2008. Its enterprise-class multimodal AI and data platform unifies all elements of voice, video, text and data by leveraging Generative AI, Knowledge AI, Emotion AI and workflow automation. Some of its products include U-Self Serve, U-Assist, U-Capture, and U-Analyze. Its Q for Sale is a conversational intelligence software that guides revenue teams with AI-powered insights, offering clarity on how to effectively keep prospects engaged.
Google Cloud accelerates every organisation’s ability to digitally transform its business. Its enterprise-grade solutions leverage modern technology to solve the most criticial business problems 
8×8 offers out-of-the-box contact centre solutions, assisting all-size businesses to efficiently meet customer needs and preferences. It offers custom CRM integrations support and integrates effortlessly with third-party CRMs like Salesforce, Microsoft Dynamics, Zendesk, and more. Offering global support in all time zones & development teams in 5 continents, its patented geo-routing solution ensures consistent voice quality.
Sprinklr is a comprehensive enterprise software company for all customer-focused functions. With advanced AI, Sprinklr’s unified customer experience management (Unified-CXM) platform lets organisations offer human experiences to every customer, every time, across any modern channel.
Upland offers a comprehensive suite of contact centre and customer service solutions with products including InGenius, Panviva, Rant & Rave, and RightAnswers. InGenius enables organisations to connect their existing phone system with CRM, further enhancing agent productivity. Panviva provides compliant and omnichannel capabilities for highly regulated industries. Whereas, Rant & Rave, and RightAnswers are its AI-powered solutions, 
Zoho Social, a part of Zoho’s suite of 50+ products, is a comprehensive social media management platform for businesses and agencies. The Zoho Social dashboard includes a robust set of features, such as Publishing Calendar, Bulk Scheduler, and Approval Management to offer businesses all the essential social media publishing tools. Its monitoring tools help enterprises track and respond to relevant social conversations.
Hootsuite, headquartered in Vancouver, is a social media management platform that streamlines the process of managing multiple social media accounts. Some of its core offerings include social media content planning and publishing, audience engagement tools, analytics and social advertising. Its easy-to-integrate capabilities help marketing teams to schedule and publish social media posts efficiently.
Brandwatch enables businesses to build and scale the optimal strategy for their clients with intuitive, use-case-focused tools that are easy and quick to master. Bringing together consumer intelligence and social media management, the company helps its users react to the trends that matter, collaborate on data-driven content, shield the brand from threats and manage all the social media channels at scale.
Zoho Corporation offers innovative and tailored software to help leaders grow their business. Zoho’s 55+ products aid sales and marketing, support and collaboration, finance, and recruitment requirements. Its customer analytics capabilities come with a conversational feature, Ask Zia. It enables users to ask questions and get insights in the form of reports and widgets in real-time.
Salesforce-owned Tableau is an AI-powered analytics and business intelligence platform, offering the breadth and depth of capabilities that serve the requirements of global enterprises in a seamless, integrated experience. Marketers can utilise generative AI models, AI-powered predictions, natural language querying, and recommendationsons.
Fullstory is a behavioural data platform, helping C-suite leaders make informed decisions by injecting digital behavioural data into its analytics stack. Its patented technology uncovers the power of quality behavioural data at scale, transforming every digital visit into actionable insights. Enterprises can increase funnel conversion and identify their highest-value customers effortlessly.
Contentsquare is a cloud-based digital experience analytics platform, helping brands track billions of digital interactions, and turn those digital 
Amplitude is a product analytics platform, enabling businesses to track visitors with the help of collaborative analytics. The platform leverages the capabilities of 
Adobe Experience Cloud offers a comprehensive set of applications, capabilities, and services specifically designed to address day-to-day requirement for personalised customer experiences at scale. Its platform helps play an essential role in managing different digital content or assets to improve customer happiness. Its easy-to-optimise content gives users appropriate marketing streams, ensuring product awareness.
Started in 2005 in a Sweden-based small town, Norrköping, Voyado offers a customer experience cloud platform that includes a customer loyalty management system. This platform helps businesses design and implement customer loyalty programs, track customer 
TapMango provides a comprehensive, customisable, flexible and feature-rich customer loyalty program. The loyalty tools include an integrated suite of customised consumer-facing technology, easy-to-use merchant tools, and automation algorithms, all aimed at enhancing customer experience. Adaptable to any industry, TapMango’s platform helps merchants compete with larger chains, converting customer one-time purchases into profitable spending habits.
Adobe Experience Cloud offers a comprehensive set of applications, capabilities, and services specifically designed to address day-to-day requirements for personalised customer experiences at scale. Its innovative platform has played an essential role in managing different digital content or assets, to improve customer happiness or satisfaction. Some of its products include Adobe Gen Studio, Experience Manager Sites, Real-time CDP, and Marketo Engage.
