A wax seal of security for the digital era

Sigstore is a new standard for signing, verifying, and protecting software.

Sigstore enables developers to validate that the software they are using is exactly what it claims to be, using cryptographic digital signatures and transparency log technologies. Sigstore offers a suite of technologies that includes Cosign for signing software artifacts, the Fulcio certificate authority, the Rekor transparency log, and Gitsign for signing Git commits. These tools can be used independently, or as one single process, for a holistic approach to open source security.

To address open source and software supply chain security, OpenSSF outlined a 10-point mobilization plan. One of those goals is for 50 of the top 200 projects to adopt an interoperable approach to software signing with Sigstore.

Sigstore Resources

GitHub

Check out the repos and give us a star.

Training

Learn how Sigstore improves the integrity and security of the software supply chain in this free online training course from the OpenSSF.

Slack

Join the community and contribute to Sigstore.

Recent News

Sigstore Announces General Availability at SigstoreCon

Oct 25, 2022

Today at SigstoreCon, the Sigstore community announced the general availability of its free software signing service, giving open source communities access to production-grade stable services for artifact signing and verification. Sigstore provides a set of tools designed to improve supply chain security by making it easy to sign, verify and…

First-Ever SigstoreCon at KubeCon + CloudNativeCon North America 2022

Sep 27, 2022

This year SigstoreCon will be hosted for the first time! The one-day event will take place on October 25, in Detroit, Michigan, in co-location with KubeCon + CloudNativeCon North America. SigstoreCon aims to help accelerate how you secure your software supply chain. The great news is that this is a…

Results of Sigstore and slf4j Security Audits Including 1 High Risk Vulnerability Found and Fixed

Jul 18, 2022

We’re excited to report the results of two security audits, one for Sigstore and one for slf4j. The goal of security audits is to find vulnerabilities so they can be fixed before attackers exploit them, as well as to identify opportunities to harden a project’s implementation and processes to counter…

Free Training Course Teaches How to Secure a Software Supply Chain with Sigstore

Jun 22, 2022

To make it easier to use Sigstore’s toolkit to its full potential, OpenSSF and Linux Foundation Training & Certification released a free online training course, Securing Your Software Supply Chain with Sigstore (LFS182x), designed with end users of Sigstore tooling in mind: software developers, DevOps engineers, security engineers, software maintainers,…
