 Hi everyone. Thanks, Luke. That was awesome. That was a great overview of six-door. I'm gonna do the complete opposite and do a super deep dive into just one tool. So, a little bit about me. Santiago just covered this. But I'm Priya, I'm a maintainer on the Recording Coastline projects in six-door and I've been working a lot on GA this year. So I just wanted to give a really quick shout out to the GA team. It's been awesome working with you. Everyone did so much this year and they totally crushed it and it's like a huge milestone. I've been looking forward to this moment for a really long time. I'm also a member of the TSC and a software engineer at ChainGuard. So I only have a few minutes to talk to you all today and I hope I can do two things in this time. So the first one is, I hope I can convince you that it's important to start signing your Git commits and the second is, I hope I can convince you that it's really easy to start signing your Git commits and that you actually start doing it. So please sign your Git commit. This is the major takeaway I hope you get from this talk. So why does it matter? Why do we wanna sign our Git commits? So this is six-door con. We're gonna be hearing a lot about supply chain security today and your code base really is that first step of your supply chain and keeping it secure is important. Most just commits are one potential way that an attacker could eject bad code into your code base and then this will propagate along your supply chain. Luckily, cryptographically signing your Git commits can be a really easy way to start mitigating the risk of this attack happening to you. So quick crash course and commit signing. So if you've ever set up like a GPG key with Git, you might have seen this before, but luckily signing and verifying is just built into the Git COI. So you can sign a commit with the Git commit dash S with a capital S for cryptographic signing and you can verify with the Git verify commit. But signing with keys can be challenging. It can be hard to set up these GPG keys. It's hard to keep them secure and as a developer, there are a lot of things you have to think about if you're gonna go down this route. First, do you wanna encrypt your key? I for one am definitely guilty of when I get that prompt on my terminal of please do you wanna enter in a password? I just don't put anything in because I can't remember it and I don't wanna keep typing it in. And so I wouldn't really blame anyone else for doing that either. You might also have to think about how often you need to rotate your keys. And as a developer, like you really just wanna be writing awesome software every day, like it's just not something you really wanna think about and not something you have to worry about. So this is six work on, you probably guessed that if we combo Git commit signing with like the awesome keyless signing properties of six store, we can have the best of both worlds. So we can sign or Git commits and we don't have to manage keys. And if we like combo one, both of these two things, we get six stores latest project, which is Git sign. So if you've ever used cosine before, you'll probably really familiar with this flow. But to be honest, I think Git sign is almost easier to use because it's like a one time install. You just configure your repository and you basically just got Git commit signing after that point. So as a maintainer, I've got like some Git repository, I've got my Git commit and I've already installed Git sign and I'm good to go. After that, every time I wanna sign a commit, I'm gonna be taken through the familiar OAuth flow that you've probably seen, sign in with my email, prove my identity, and then folks use gonna issue me a certificate. The certificate is gonna have my email embedded and I'm also gonna have a signature over my Git commit. Both the signature and the certificate will be included in the transparency log. And so this means that not just you, but anyone with access to this commit can actually verify it and see who signed it, which is pretty cool. So I'm gonna do a really quick demo, move over to my terminal. So I've already installed Git sign, but I need to configure this repo to actually sign with it. So I've got this like cheat sheet script because I can't remember these things on my own. But it's really just like a one time setup. So basically all I've done here is tell Git that I want to sign all my commits, sign all my tags, use Git sign for signing, and that Git sign expects X509 arguments. So now all we have to do is just make a commit. So let's do that. And I'm just gonna make an empty one. And we're immediately sent through like the familiar OAuth flow. I'm just gonna sign in with my email. And easy, yeah, just like one or two extra seconds, but now we have a signed commit. And we can verify this commit just with the verify commit command. And yeah, we've got our entry and recor. We validated the signature, validated the entry in recor. And you can see that I'm the person who signed this commit. One actually one more cool thing that we can show if I just grab the commit that I signed, I can head over to this cool UI we've got which allows us to like visualize entries in the transparency log. So you can actually search specifically by commit. Oh, that's not the right thing. Copy and paste the commit shot in there. And yeah, we got some like cool information about the entry we just created. So it was integrated a few seconds ago into the log. We can see the signature. We can see the details of the certificate. So it's still valid for 10 more minutes and it was issued to me. And you can like see the actual entry itself and the verification that was done to prove that it's a valid entry in the overall log. Cool, so that's pretty much it. I want to say thank you to the Get Sign contributors. It's an awesome project and super easy to install, really easy to use. And I hope I've managed to convince you all to install Get Sign and start signing your commits today. Thank you so much.