Updates and recent posts about Sigstore..

Posts
Description

Story

@laura_garcia shared a post, 2 days, 10 hours ago

Software Developer, RELIANOID

𝗥𝗘𝗟𝗜𝗔𝗡𝗢𝗜𝗗 𝗮𝘁 𝗠𝗼𝗯𝗶𝗹𝗲 𝗪𝗼𝗿𝗹𝗱 𝗖𝗼𝗻𝗴𝗿𝗲𝘀𝘀 𝟮𝟬𝟮𝟲

📍 𝗕𝗮𝗿𝗰𝗲𝗹𝗼𝗻𝗮 | 𝟮–𝟱 𝗠𝗮𝗿𝗰𝗵 𝟮𝟬𝟮𝟲 🚀 𝗝𝗼𝗶𝗻 𝗥𝗘𝗟𝗜𝗔𝗡𝗢𝗜𝗗 𝗮𝘁 𝗠𝗼𝗯𝗶𝗹𝗲 𝗪𝗼𝗿𝗹𝗱 𝗖𝗼𝗻𝗴𝗿𝗲𝘀𝘀 𝟮𝟬𝟮𝟲 (𝗠𝗪𝗖 𝟮𝟲) The world’s most influential connectivity event returns — and this year marks 20 years in Barcelona, celebrating two decades of collaboration between a global tech powerhouse and one of Europe’s most innovative ci..

mwc_barcelona_mobile_world_congress_2026_relianoid

Story

@idjuric660 shared a post, 2 days, 11 hours ago

Technical Content Writer, Mailtrap

5 Best Email API for Laravel Developers Tested & Compared

The best email APIs for Laravel developers are Mailtrap, SendGrid, Mailgun, Amazon SES, and Postmark. To provide you with a fair and unbiased comparison of these APIs, I researched and tested them all with the help of Mailtrap email deliverability experts, security team, and developers. Together, we..

Activity

@aliasceasar026 started using tool Crypto-Loot , 2 days, 13 hours ago.

Activity

@tonybrain-dotcom started using tool Vue.js , 3 days, 3 hours ago.

Activity

@tonybrain-dotcom started using tool TypeScript , 3 days, 3 hours ago.

Activity

@tonybrain-dotcom started using tool Shopify , 3 days, 3 hours ago.

Activity

@tonybrain-dotcom started using tool React Router , 3 days, 3 hours ago.

Activity

@tonybrain-dotcom started using tool React Redux , 3 days, 3 hours ago.

Activity

@tonybrain-dotcom started using tool React , 3 days, 3 hours ago.

Activity

@tonybrain-dotcom started using tool Python , 3 days, 3 hours ago.

Sigstore is an open source initiative designed to make software artifact signing and verification simple, automatic, and widely accessible. Its primary goal is to improve software supply chain security by enabling developers and organizations to cryptographically prove the origin and integrity of the software they build and distribute.

At its core, sigstore removes many of the traditional barriers associated with code signing. Instead of managing long-lived private keys manually, sigstore supports keyless signing, where identities are issued dynamically using OpenID Connect (OIDC) providers such as GitHub Actions, Google, or Microsoft. This dramatically lowers operational complexity and reduces the risk of key compromise.

The sigstore ecosystem is composed of several key components:

- Cosign: A tool for signing, verifying, and storing signatures for container images and other artifacts. Signatures are stored alongside artifacts in OCI registries, rather than embedded in them.

- Fulcio: A certificate authority that issues short-lived X.509 certificates based on OIDC identities, enabling keyless signing.

- Rekor: A transparency log that records signing events in an append-only, tamper-evident ledger. This provides public auditability and detection of suspicious or malicious signing activity.

Together, these components allow anyone to verify who built an artifact, when it was built, and whether it has been tampered with, using publicly verifiable cryptographic proofs. This aligns closely with modern supply chain security practices such as SLSA (Supply-chain Levels for Software Artifacts).

sigstore is widely adopted in the cloud-native ecosystem and integrates with tools like Kubernetes, container registries, CI/CD pipelines, and package managers. It is commonly used to sign container images, Helm charts, binaries, and SBOMs, and is increasingly becoming a baseline security requirement for production software delivery.

The project is governed by the OpenSSF (Open Source Security Foundation) and supported by major industry players.