Sigstore

Oct 15

Announcing the Sigstore Transparency Log Research Dataset

By OpenSSF Blog, Guest Blog, Sigstore

We’re pleased to announce the creation of a new BigQuery public dataset, rekor. The rekor dataset is an easily-queryable mirror of the public good instance of Sigstore’s transparency log, Rekor.

Jul 23

Love0

Case Study: Google Secures Machine Learning Models with sigstore

By OpenSSF Blog, Case Studies, Sigstore

As machine learning (ML) evolves at lightning speed, so do the threats. The rise of large models like LLMs has accelerated innovation—but also introduced serious vulnerabilities. Data poisoning, model tampering,…

Dec 16

Love0

SigstoreCon 2024: Advancing Software Supply Chain Security

By OpenSSF Blog, Sigstore

On November 12, 2024, the software security community gathered in Salt Lake City for SigstoreCon: Supply Chain Day, co-located with KubeCon North America 2024. The one-day conference brought together developers,…

Jun 04

Love0

OpenSSF Case Study: Enhancing Open Source Security with Sigstore at Stacklok

By OpenSSF Blog, Case Studies, Sigstore

Stacklok was founded in 2023 by Craig McLuckie (co-creator of Kubernetes) and Luke Hinds (creator of the OpenSSF project Sigstore), with the goal of helping developers produce and consume open…

Mar 20

Love0

Sigstore Graduates: A Monumental Step Towards Secure Software Supply Chains

By OpenSSF Blog, Sigstore

Supply chain security took a giant leap forward this month as Sigstore officially became a graduated project within the Open Source Security Foundation (OpenSSF). This milestone is a testament to…

Feb 16

Love0

Scaling Up Supply Chain Security: Implementing Sigstore for Seamless Container Image Signing

By OpenSSF Blog, Case Studies, Guest Blog, Sigstore

In this post, we will explore how Yahoo leverages Sigstore, in concert with Athenz, an open source platform for managing X.509 certificates, as an internal Certificate Authority, to sign and verify…

Nov 21

Love0

Sigstore: Simplifying Code Signing for Open Source Ecosystems

By OpenSSF Blog, Sigstore

This month’s spotlight focuses on the Sigstore project. Digital signatures play a critical role in the software supply chain, by providing verifiable attributes of authentication, integrity, and non-repudiation of artifacts…

Mar 30

Love0

Clarifying Sigstore Terms of Use

By OpenSSF Blog, Sigstore

The primary activity for The Linux Foundation projects is open collaboration on technical challenges that deliver tangible improvements for developers, companies, industries, and society at large. The focus we’ve always…

Oct 25

Love0

Sigstore Announces General Availability at SigstoreCon

By OpenSSF Blog, Press Release, Sigstore

Today at SigstoreCon, the Sigstore community announced the general availability of its free software signing service giving open source communities access to production-grade stable services for artifact signing and verification.…

Sep 27

Love0

First-Ever SigstoreCon at KubeCon + CloudNativeCon North America 2022

By OpenSSF Blog, Sigstore

This year SigstoreCon will be hosted for the first time! The one-day event will take place on October 25, in Detroit Michigan, in co-location with KubeCon + CloudNativeCon North America.…

Announcing the Sigstore Transparency Log Research Dataset

Case Study: Google Secures Machine Learning Models with sigstore

SigstoreCon 2024: Advancing Software Supply Chain Security

OpenSSF Case Study: Enhancing Open Source Security with Sigstore at Stacklok

Sigstore Graduates: A Monumental Step Towards Secure Software Supply Chains

Scaling Up Supply Chain Security: Implementing Sigstore for Seamless Container Image Signing

Sigstore: Simplifying Code Signing for Open Source Ecosystems

Clarifying Sigstore Terms of Use

Sigstore Announces General Availability at SigstoreCon

First-Ever SigstoreCon at KubeCon + CloudNativeCon North America 2022

We envision a future where OSS is universally trusted, secure, and reliable. Join us in making open source more secure.

Get the latest announcements, event info, and the community news in your inbox