Announcing the Sigstore Transparency Log Research Dataset

We’re pleased to announce the creation of a new BigQuery public dataset, rekor. The rekor dataset is an easily-queryable mirror of the public good instance of Sigstore’s transparency log, Rekor. As a reminder, signing events are recorded in Rekor, Sigstore’s append-only transparency log. Software consumers rely on cryptographic proofs of log inclusion to verify that software artifacts are recorded in the log. Software producers can use a Rekor monitor to watch the log for entries that reference their identities or keys and confirm that each recorded signature was produced as expected.
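What a "cryptographic proof of log inclusion" means in practice, as an added example that is not Sigstore's or Rekor's own code: an RFC 6962 Merkle tree using the same domain-separated leaf and node hashing Rekor's log uses, a constructed five-entry log, and the consumer-side check that rebuilds the root from a leaf hash and its audit path. The leaf contents, the `sampleLeaves`/`rootHash`/`inclusionProof`/`verifyInclusion` names and the in-process proof construction are assumptions made for the example; in real use the log serves the audit path together with a signed root, and the client runs only the verification step.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"fmt"
)

// RFC 6962 domain-separated hashing: 0x00 prefixes a leaf, 0x01 an interior
// node, so a leaf can never be passed off as a node or vice versa.
func hashLeaf(data []byte) []byte {
	h := sha256.New()
	h.Write([]byte{0x00})
	h.Write(data)
	return h.Sum(nil)
}

func hashNode(left, right []byte) []byte {
	h := sha256.New()
	h.Write([]byte{0x01})
	h.Write(left)
	h.Write(right)
	return h.Sum(nil)
}

// largestPowerOfTwoBelow returns the largest k = 2^j with k < n (n >= 2),
// the split point RFC 6962 uses when building the tree.
func largestPowerOfTwoBelow(n int) int {
	k := 1
	for k*2 < n {
		k *= 2
	}
	return k
}

// rootHash computes MTH(D[0:n]) for the given leaves.
func rootHash(leaves [][]byte) []byte {
	if len(leaves) == 1 {
		return hashLeaf(leaves[0])
	}
	k := largestPowerOfTwoBelow(len(leaves))
	return hashNode(rootHash(leaves[:k]), rootHash(leaves[k:]))
}

// inclusionProof returns the audit path PATH(i, D[0:n]): the sibling hashes a
// verifier needs to rebuild the root from leaf i. The log computes this in
// practice; it is reproduced here only so the example runs offline.
func inclusionProof(leaves [][]byte, i int) [][]byte {
	if len(leaves) == 1 {
		return nil
	}
	k := largestPowerOfTwoBelow(len(leaves))
	if i < k {
		return append(inclusionProof(leaves[:k], i), rootHash(leaves[k:]))
	}
	return append(inclusionProof(leaves[k:], i-k), rootHash(leaves[:k]))
}

// verifyInclusion is the consumer-side check: rebuild the root from the leaf
// hash and audit path (RFC 9162 section 2.1.3.2) and compare it with the root
// the log signed. Proofs that are too long, too short, or presented for the
// wrong index or tree size are rejected.
func verifyInclusion(leafHash []byte, leafIndex, treeSize int, proof [][]byte, root []byte) bool {
	if leafIndex < 0 || leafIndex >= treeSize {
		return false
	}
	fn, sn := leafIndex, treeSize-1
	r := leafHash
	for _, p := range proof {
		if sn == 0 {
			return false // more path hashes than the tree height allows
		}
		if fn&1 == 1 || fn == sn {
			r = hashNode(p, r) // sibling is to the left
			if fn&1 == 0 {
				// leaf is the last in the tree: skip levels where it has no sibling
				for fn != 0 && fn&1 == 0 {
					fn >>= 1
					sn >>= 1
				}
			}
		} else {
			r = hashNode(r, p) // sibling is to the right
		}
		fn >>= 1
		sn >>= 1
	}
	return sn == 0 && bytes.Equal(r, root)
}

// sampleLeaves returns constructed stand-ins for log entries (assumed data;
// real Rekor leaves are the canonicalized bodies of the entries).
func sampleLeaves() [][]byte {
	return [][]byte{
		[]byte("entry-0: hashedrekord sha256:aaa"),
		[]byte("entry-1: hashedrekord sha256:bbb"),
		[]byte("entry-2: intoto sha256:ccc"),
		[]byte("entry-3: hashedrekord sha256:ddd"),
		[]byte("entry-4: dsse sha256:eee"),
	}
}

func main() {
	leaves := sampleLeaves()
	root := rootHash(leaves)
	idx := 2
	proof := inclusionProof(leaves, idx)
	fmt.Printf("root=%x path_hashes=%d\n", root, len(proof))
	fmt.Println("genuine leaf:", verifyInclusion(hashLeaf(leaves[idx]), idx, len(leaves), proof, root))
	fmt.Println("tampered leaf:", verifyInclusion(hashLeaf([]byte("entry-2: tampered")), idx, len(leaves), proof, root))
}
```

The root is what a consumer must obtain through a trusted channel (in Sigstore, a checkpoint signed by the log); the audit path itself is untrusted input and is useful only because any edit to a leaf, the path, or the claimed position changes the recomputed root.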

Trusting AI Models in Kubernetes: Introducing the Sigstore Model Validation Operator

As machine learning becomes deeply embedded in critical infrastructure, the question of trust in deployed models is increasingly critical. How can we be sure that an AI model running in a Kubernetes cluster is exactly what it claims to be? The OpenSSF AI/ML working group believes the answer can be found in signing AI models. A long-standing practice in traditional software distribution is to leverage cryptographic signatures to help end-users verify provenance: that software is authentic, has not been tampered with, and was authored by the expected creator.

Sigstore & Post-Quantum Cryptography (2025)

In the coming years, systems will transition to post-quantum cryptographic algorithms (PQCA). There is inherent tension in these transitions: adoption is how we learn what works, but committing to algorithms too soon can saddle you with tech debt. The quick summary is that the Sigstore project wants to enable people to sign content with PQCA keys as soon as possible, and to adopt PQCA in the Sigstore services (like Fulcio, Rekor, and a timestamp authority) when reliable and vetted PQCA implementations are available in the Go ecosystem.

sigstore-go 1.0 is now available

We love Go within the Sigstore community, and it’s been our language of choice since we got started. Cosign, Rekor, Fulcio, Policy Controller, and Timestamp Authority are all written in Go, and we’re lucky to have such a vibrant community of Go developers. Cosign was the de-facto Sigstore “client” from the beginning. Originally designed as a container image signing tool, it has become much more, introducing signing with ephemeral keys (with Fulcio), blob signing, attestation support, multi-cloud KMS support, and many more features.

Verifying Sigstore Bundles as an End User

There’s a mnemonic for quickly determining if a bicycle is safe to ride: “ABC” for checking the air in the tires, ensuring the brakes are functional, and checking the chain. It doesn’t definitively answer the question “is this bike safe?” but it does give you a quick starting point for your assessment. Let’s say you download some software and it comes with a Sigstore bundle. Similarly, there isn’t a quick, definitive answer to “is this software safe to use?