Sigstore Blog - Sigstore Blog

Oct 10, 2022

Written by Hayden Blauzvern

How Sigstore quickly patched an upstream vulnerability

Summary On October 3, 2022, Dex, the federated identity provider that Sigstore uses to issue identity tokens, published CVE-2022-39222 with a GitHub Security Advisory. Sigstore was vulnerable to this CVE, but we were able to quickly mitigate the vulnerability in June before an official fix was published. Details On June 13, 2022, Joern Schneeweisz from the GitLab Security Research Team disclosed a vulnerability to Sigstore where an attacker executing a phishing campaign against a user can acquire a user’s identity token through a backchannel.

Tags: sigstore , security , opensource , supplychain

Sep 30, 2022

Written by Sigstore

Contribute to Sigstore during Hacktoberfest 2022!

This year, Sigstore is participating in Hacktoberfest for the first time! What is Hacktoberfest? Hacktoberfest is a month-long celebration that encourages people to contribute to open source. Digital Ocean, along with its partners, hosts it every year. Who can participate? Everyone and anyone is welcome to participate in Hacktoberfest (and to contribute to Sigstore). The first 40,000 participants (maintainers and contributors) who complete Hacktoberfest can elect to receive one of two prizes: a tree planted in their name, or the Hacktoberfest 2022 t-shirt.

Tags: sigstore , hacktoberfest , sigstorecon , releases , securesupplychain

Sep 21, 2022

Written by di_codes

A New Look for Sigstore

You may have noticed Sigstore has a brand new logo! And not just the main logo but there are new logos for Rekor, Cosign, Fulcio and Gitsign. As the community works towards GA, we also wanted to spend some time sprucing up the Sigstore brand! We’re happy to share the new Sigstore logos and color palette. New Logo In November 2021, Sigstore joined the Open Source Security Foundation (OpenSSF) as a project.

Tags: sigstore , gitsign , softwaresupplychain , securesoftware , cosign

Sep 14, 2022

Written by Tracy Miranda

SigstoreCon Program Announced

This year we are hosting the very first Sigtorecon in Detroit, Michigan as part of Kubecon + CloudNativeCon North America. The event will take place on October 25th 2022. SigstoreCon is a one-day vendor neutral conference organized by the Sigstore community and focused on all things Sigstore. We’re happy to announce the program for the first-ever SigstoreCon is now ready! Thank you to everyone who took the time to submit a talk.

Tags: sigstore , kubecon , securesoftware , supplychainsecurity

Sep 8, 2022

Written by Tracy Miranda

Sigstore Update — September 2022

SigstoreCon The SigstoreCon call-for-papers closed last month and the program committee has been busy ranking the 23 great submissions received. Many thanks to all who submitted talks. And thanks to our program committee members: Priya Wadhwa, Lily Sturman, Appu Goundan, Jacques Chester, and Batuhan Apaydin. The program will be announced on September 13. We hope to see you at SigstoreCon our first official event, on October 25 in Detroit, in co-location with KubeCon + CloudNativeCon North America.

Tags: sigstore , javascript , softwaresecurity , softwaresupplychain , kubecon

Newer

Older