By Tracy Miranda, Chainguard
In the motor city, the community hosted the first-ever Sigstore event, SigstoreCon, in co-location with KubeCon + CloudNativeCon North America. Event highlights included the announcement of Sigstore general availability, an awards ceremony, engaging talks, and introduction of a Sigstore Landscape. If you missed out, the session recordings are now available.
Sigstore announced General Availability (GA) for the Rekor transparency log and Fulcio certificate authority public benefit services! The community has been working hard all year to accomplish this milestone, and we are thrilled that open source communities can now confidently rely on Sigstore for production-grade stable services for artifact signing and verification.
We’d like to thank the speakers, the program committee, the Linux Foundation Events Team, and the attendees for making the event so great!
The community hosted its first award ceremony and gave out three Sigstore Awards. Thank you to the following community members for their support and all their hard work:
- Best User Adopter: SLSA GitHub Generators
- Best Evangelist: Batuhan (developer-guy) APAYDIN
- Most Valuable Contributor: Asra Ali
Watch the Talk Recordings
We had 17 fantastic talks that demonstrated all aspects of our growing ecosystem—thank you to all our speakers!
Some highlights include:
- Sigstore for Python Packaging: Next Steps for Adoption by William Woodruff was a terrific summary of the history of Python packaging, how the Python community turned to Sigstore and what they would like to see from Sigstore going forward.
- Platform- Driven Compliance with Sigstore at Autodesk: Jesse Sanford gave an enterprise view of how to use Sigstore as part of an end-to-end compliance solution that addresses FedRamp and other concerns.
- Who’s Verifying Your Signatures? Approaching Private Container Image Signing: Ethan Lowman looked at all the pros & cons of different technologies in this space that Datadog considered using before diving into Sigstore.
All the talks are available on YouTube ⬇️
There’s also now a Sigstore Landscape available as part of the OpenSSF Landscape. It gives an overview of the technologies that form Sigstore’s growing ecosystem. Check it out and add your signed project by creating a pull request. The Contribution Guide is available here.