sigstore – Open Source Security Foundation

A wax seal of security for the digital era

Sigstore is a new standard for signing, verifying, and protecting software.

Sigstore enables developers to validate that the software they are using is exactly what it claims to be using cryptographic digital signatures and transparency log technologies. Sigstore offers a suite of technologies that include Cosign for signing software artifacts, the Fulcio certificate authority, the Rekor transparency log, and Gitsign for signing Git commits. These tools can be used independently, or as one single process, for a holistic approach to open source security.

To address open source and software supply chain security, OpenSSF outlined a 10-point mobilization plan. One of those goals is for 50 of the top 200 projects to adopt an interoperable approach to software signing with Sigstore.

Projects

SigStore Community Talks

Case Studies

Recent News

Sigstore OpenSSF Graduated Project

Sigstore Graduates: A Monumental Step Towards Secure Software Supply Chains

OpenSSF | Blog, Sigstore | No Comments

Supply chain security took a giant leap forward this month as Sigstore officially became a graduated project within the Open Source Security Foundation (OpenSSF). This milestone is a testament to…

OpenSSF Sigstore Simplifying Code Signing for Open Source Ecosystems

Sigstore: Simplifying Code Signing for Open Source Ecosystems

OpenSSF | Blog, Sigstore | No Comments

This month’s spotlight focuses on the Sigstore project. Digital signatures play a critical role in the software supply chain, by providing verifiable attributes of authentication, integrity, and non-repudiation of artifacts…

Clarifying Sigstore Terms of Use

Clarifying Sigstore Terms of Use

OpenSSF | Blog, Sigstore | No Comments

The primary activity for The Linux Foundation projects is open collaboration on technical challenges that deliver tangible improvements for developers, companies, industries, and society at large. The focus we’ve always…

Sigstore Announces General Availability at SigstoreCon

OpenSSF | Blog, Press Release, Sigstore | No Comments

Today at SigstoreCon, the Sigstore community announced the general availability of its free software signing service giving open source communities access to production-grade stable services for artifact signing and verification.…

Copyright © 2024 The Linux Foundation® . All rights reserved. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our Trademark Usage page. Linux is a registered trademark of Linus Torvalds. Privacy Policy and Terms of Use.