Published insigstoreKubernetes signals massive adoption of Sigstore for protecting open source ecosystemKubernetes 1.24 will be the first release officially using Sigstore, enabling seamless verification of signatures to protect against supply…May 3, 2022May 3, 2022
Published insigstoreSigstore ❤ Ruby!We started the Sigstore project with a goal of making key management, certificates, and digital signatures accessible and easy to use for…Jan 28, 2022Jan 28, 2022
The Sigstore Trust ModelI hope this post can help reduce confusion around exactly how Sigstore’s trust model works, and how trust flows from the community root…Dec 9, 2021Dec 9, 2021
Notary V2 and CosignThis post is to help reduce confusion between the Notary V2/Notation and Cosign projects. This is a common question from end users that I…Nov 8, 20212Nov 8, 20212
Published insigstoreSpooky October Updates for Sigstore!October is almost done, so it’s time for another update! The supply chains are clearly haunted, so this one has a spooky theme.Oct 29, 2021Oct 29, 2021
Zero Trust Supply Chain SecurityThis post accompanies a talk I just gave at the 2021 Open Source Summit, called Zero Trust Supply Chain Security. The slides are available…Oct 2, 20211Oct 2, 20211
A Bit of Ambiance comes to SigstoreZero-trust security starts with trusting actual entities based on strong identity, not whoever happens to control a secret, or whoever gets…Sep 16, 2021Sep 16, 2021
Improving TOFU With TransparencyTOFU is an OK substitute for when you have nothing better, but it’s never the best choice.Aug 22, 2021Aug 22, 2021
Should You Sign Git Commits?Maybe, but probably for a different reason than you thinkJul 4, 20213Jul 4, 20213
Published insigstoreA New Kind of Trust RootAnnouncing the Sigstore Root Key CeremonyJun 8, 2021Jun 8, 2021
