Sigstore Reaches GA For Working To Secure The Open-Source Software Supply Chain

Written by Michael Larabel in Free Software on 30 October 2022 at 06:00 AM EDT. Add A Comment
FREE SOFTWARE
Sigstore that is backed by Google, Red Hat, GitHub, and other prominent organizations with an aim to secure the open-source software supply chain has reached general availability and issued the "v1.0" releases for their key software components.

This week Sigstore celebrated its general availability milestone and releasing the v1.0 software of their Rekor transparency log and Fulcio certificate authority software. Sigstore now considers itself to be production-grade for software artifact signing and verification.


Sigstore provides the means of easily and cryptographically-backed means of signing code, verifying signatures using a transparency log, and monitoring of activity for safely vetting the software supply chain. On the project site of sigstore.dev, Sigstore describes itself as:
sigstore is a set of tools developers, software maintainers, package managers and security experts can benefit from. Bringing together free-to-use open source technologies like Fulcio, Cosign and Rekor, it handles digital signing, verification and checks for provenance needed to make it safer to distribute and use open source software.

A standardized approach

This means that open source software uploaded for distribution has a stricter, more standardized way of checking who’s been involved, that it hasn’t been tampered with. There’s no risk of key compromise, so third parties can’t hijack a release and slip in something malicious.

Those wishing to learn more about Sigstore's general availability this week can read more information about it on the Google Open-Source Blog and Sigstore blog.
Add A Comment
Related News
ollama v0.3 Released With Llama 3.1 Support & Mistral Large 2
LZ4 v1.10 Introduces Multi-Threading Support For Major Compression Speedups
Blender 4.2 LTS Released With GPU Accelerated Compositing, Intel OIDN On AMD GPUs
libavif 1.1 Released For Improving AVIF Image Encoding
Meta Releases IGL 1.0 As Intermediate Graphics Library Built Atop Vulkan & OpenGL
The State Of Text Rendering 2024 & The Future Of The Stack With Rust
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
EXT4 Has A Very Nice Performance Optimization For Linux 6.11
systemd Talks Up Automatic Boot Assessment In Light Of The Crowdstrike-Microsoft Outage
XZ Patches For The Linux Kernel Updated, Drops "Jia Tan" As A Maintainer
New Linux Patches Enable The Snapdragon X1 Elite Powered Lenovo ThinkPad T14s Gen 6
KDE Developers Tackle The Five Most Common Plasma Crashes
USB & Thunderbolt Improvements Land In Linux 6.11
NVIDIA 560 Linux Driver Beta Released - Defaults To Open GPU Kernel Modules
Mesa 24.2-rc1 Released With Many OpenGL & Vulkan Driver Improvements