Open Source Security Foundation (OpenSSF)

A wax seal of security for the digital era

Sigstore is a new standard for signing, verifying, and protecting software.

Sigstore enables developers to validate that the software they are using is exactly what it claims to be using cryptographic digital signatures and transparency log technologies. Sigstore offers a suite of technologies that include Cosign for signing software artifacts, the Fulcio certificate authority, the Rekor transparency log, and Gitsign for signing Git commits. These tools can be used independently, or as one single process, for a holistic approach to open source security.

To address open source and software supply chain security, OpenSSF outlined a 10-point mobilization plan. One of those goals is for 50 of the top 200 projects to adopt an interoperable approach to software signing with Sigstore. Learn more

Sigstore Resources

GitHub

Check out the repos and give us a star. Sigstore GitHub

Training

Learn how Sigstore improves the integrity and security of the software supply chain in this free online training course from the OpenSSF. Enroll Free Today

Slack

Join the community and contribute to Sigstore. Join Sigstore Slack

Sigstore Community Talks

User Case Studies

Recent News

[recent_posts_basic design=”basic-design” category_id=”28″ limit=”4″ pagination=”hide-pagination”]

Follow Sigstore on Social

Copyright © 2023 The Linux Foundation® . All rights reserved. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our Trademark Usage page. Linux is a registered trademark of Linus Torvalds. Privacy Policy and Terms of Use.

A wax seal of security for the digital era

Sigstore Resources

GitHub

Training

Slack

Sigstore Community Talks

User Case Studies

Recent News

Follow Sigstore on Social

Twitter

YouTube

Blog

Subscribe to the OpenSSF Mailing List!

Get the latest announcements, event info, and the community news in your inbox.