
Sigstore

Clarifying Sigstore Terms of Use

By Blog, Sigstore

The primary activity for The Linux Foundation projects is open collaboration on technical challenges that deliver tangible improvements for developers, companies, industries, and society at large. The focus we’ve always taken is on open source code as a starting point for truly great outcomes that improve the technologies we – and the world – depend on every day. Today we have clarified the terms that apply when users submit data to the community-hosted instance of Sigstore. We would like to share some of the changes with you to help the community better understand what we’ve put together. 


Sigstore Announces General Availability at SigstoreCon

By Blog, Press Release, Sigstore

Today at SigstoreCon, the Sigstore community announced the general availability of its free software signing service, giving open source communities access to production-grade stable services for artifact signing and verification. Sigstore provides a set of tools designed to improve supply chain security by making it easy to sign, verify and check the software developers are building and consuming.


First-Ever SigstoreCon at KubeCon + CloudNativeCon North America 2022

By Blog, Sigstore

This year SigstoreCon will be hosted for the first time! The one-day event will take place on October 25 in Detroit, Michigan, co-located with KubeCon + CloudNativeCon North America. SigstoreCon aims to help accelerate how you secure your software supply chain. The great news is that this is a vendor-neutral conference organized by the open source Sigstore community and will focus on all things Sigstore.


Results of Sigstore and slf4j Security Audits Including 1 High Risk Vulnerability Found and Fixed

By Blog, Sigstore

We’re excited to report the results of two security audits, one for Sigstore and one for slf4j. The goal of security audits is to find vulnerabilities so they can be fixed before attackers exploit them, as well as to identify opportunities to harden a project’s implementation and processes to counter vulnerabilities in the future. The Sigstore and slf4j teams demonstrated a strong commitment to improving security posture by requesting independent review and actively participating in the audit process. 


Free Training Course Teaches How to Secure a Software Supply Chain with Sigstore

By Blog, Sigstore

To make it easier to use Sigstore’s toolkit to its full potential, OpenSSF and Linux Foundation Training & Certification released a free online training course, Securing Your Software Supply Chain with Sigstore (LFS182x), designed with end users of Sigstore tooling in mind: software developers, DevOps engineers, security engineers, software maintainers, etc.
