Join us

ContentUpdates and recent posts about Sigstore..
ย Activity
mjh
@mjh started using tool Amazon ALB , 14ย hours, 22ย minutes ago.
Story FAUN.dev() Team
eon01
@eon01 shared a post, 15ย hours ago
Founder, FAUN.dev

Announcing FAUN.sensei() โ€” Self-paced guides to grow fast โ€” even when tech moves faster.

#DevOpsย  #coursesย  #e-learn...ย  #Learnin...ย  #kuberne...ย 
Docker GitLab CI/CD Helm Kubernetes GitHub Copilot

After months of hard work, FAUN.sensei() is finally alive!

FAUN.sensei()
Share: Twitter

|

Linkedin

|

Facebook

|

Pocket

|

Reddit

|

Hacker News

|

Email
Story
laura_garcia
@laura_garcia shared a post, 21ย hours ago
Software Developer, RELIANOID

๐ŸŒŸ ๐—ช๐—ฒโ€™๐—ฟ๐—ฒ ๐—›๐—ถ๐—ฟ๐—ถ๐—ป๐—ด! ๐—๐—ผ๐—ถ๐—ป ๐˜๐—ต๐—ฒ ๐—ฅ๐—˜๐—Ÿ๐—œ๐—”๐—ก๐—ข๐—œ๐—— ๐—ง๐—ฒ๐—ฎ๐—บ ๐ŸŒŸ

Are you passionate about technology, networking, and innovation? At RELIANOID, weโ€™re building cutting-edge solutions that power secure, scalable, and reliable infrastructures โ€” and weโ€™re looking for talented people to join us on this journey! ๐Ÿš€ Whether youโ€™re an experienced professional or just star..

careers RELIANOID hiring
Share: Twitter

|

Linkedin

|

Facebook

|

Pocket

|

Reddit

|

Hacker News

|

Email
ย Activity
arunsanna
@arunsanna added a new tool AWS-Sage , 1ย day, 7ย hours ago.
ย Activity
human_in_growth
@human_in_growth started using tool Rust , 1ย day, 7ย hours ago.
ย Activity
human_in_growth
@human_in_growth started using tool Ruby , 1ย day, 7ย hours ago.
ย Activity
human_in_growth
@human_in_growth started using tool Prometheus , 1ย day, 7ย hours ago.
ย Activity
human_in_growth
@human_in_growth started using tool PostgreSQL , 1ย day, 7ย hours ago.
ย Activity
human_in_growth
@human_in_growth started using tool Node.js , 1ย day, 7ย hours ago.
ย Activity
human_in_growth
@human_in_growth started using tool Grafana , 1ย day, 7ย hours ago.
Sigstore is an open source initiative designed to make software artifact signing and verification simple, automatic, and widely accessible. Its primary goal is to improve software supply chain security by enabling developers and organizations to cryptographically prove the origin and integrity of the software they build and distribute.

At its core, sigstore removes many of the traditional barriers associated with code signing. Instead of managing long-lived private keys manually, sigstore supports keyless signing, where identities are issued dynamically using OpenID Connect (OIDC) providers such as GitHub Actions, Google, or Microsoft. This dramatically lowers operational complexity and reduces the risk of key compromise.

The sigstore ecosystem is composed of several key components:

- Cosign: A tool for signing, verifying, and storing signatures for container images and other artifacts. Signatures are stored alongside artifacts in OCI registries, rather than embedded in them.

- Fulcio: A certificate authority that issues short-lived X.509 certificates based on OIDC identities, enabling keyless signing.

- Rekor: A transparency log that records signing events in an append-only, tamper-evident ledger. This provides public auditability and detection of suspicious or malicious signing activity.

Together, these components allow anyone to verify who built an artifact, when it was built, and whether it has been tampered with, using publicly verifiable cryptographic proofs. This aligns closely with modern supply chain security practices such as SLSA (Supply-chain Levels for Software Artifacts).

sigstore is widely adopted in the cloud-native ecosystem and integrates with tools like Kubernetes, container registries, CI/CD pipelines, and package managers. It is commonly used to sign container images, Helm charts, binaries, and SBOMs, and is increasingly becoming a baseline security requirement for production software delivery.

The project is governed by the OpenSSF (Open Source Security Foundation) and supported by major industry players.