Learn to say popular software supply chain security tool names correctly.
1 / 5
How is Syft (CLI tool that generates a software bill of materials from container images) correctly pronounced?
Syft is pronounced 'SIFT' — exactly like the everyday word for sifting flour, one syllable. In a technical interview: "Syft listed every package inside the image, right down to the transitive OS libraries."
2 / 5
How is Cosign (tool for signing and verifying container images and software artifacts) correctly pronounced?
Cosign is pronounced 'KOH-syn' — 'co-' plus 'sign', stress on KOH, not like the math function 'cosine'. In a technical interview: "Cosign signed the image and pushed the signature straight to the registry alongside it."
3 / 5
How is Sigstore (open-source project providing free signing infrastructure for software) correctly pronounced?
Sigstore is pronounced 'SIG-stor' — 'sig' (short for signature) plus 'store', stress on SIG. In a technical interview: "Sigstore let us verify the build came from our exact CI pipeline, with no long-lived signing key."
4 / 5
How is in-toto (framework for securing the integrity of a software supply chain) correctly pronounced?
in-toto is pronounced 'in-TOH-toh' — Latin for 'as a whole', stress on the second syllable, TOH. In a technical interview: "in-toto recorded every build step as a signed link, so we could prove nothing was tampered with."
5 / 5
How is Rekor (Sigstore's tamper-resistant transparency log for signed artifacts) correctly pronounced?
Rekor is pronounced 'REH-kor' — stress on REH, rhymes loosely with 'record' minus the D. In a technical interview: "Rekor gave us a public, append-only record proving exactly when that artifact was signed."