A wax seal of security for the digital era
Sigstore is a new standard for signing, verifying, and protecting software.
Sigstore enables developers to validate that the software they are using is exactly what it claims to be using cryptographic digital signatures and transparency log technologies. Sigstore offers a suite of technologies that include Cosign for signing software artifacts, the Fulcio certificate authority, the Rekor transparency log, and Gitsign for signing Git commits. These tools can be used independently, or as one single process, for a holistic approach to open source security.
To address open source and software supply chain security, OpenSSF outlined a 10-point mobilization plan. One of those goals is for 50 of the top 200 projects to adopt an interoperable approach to software signing with Sigstore.
Projects
SigStore Community Talks
Case Studies
