Celebrating 1,000,000 entries in Rekor

We’ve finally reached a million entries! We hit a million entries by the end of 2021:

    rekor-cli get --log-index 1000000
    LogID: c0d23d6ad406973f9559f3ba2d1ca01f84147d8ffc5b8445c224f98b9591801d
    Index: 1000000
    IntegratedTime: 2021-12-27T21:34:27Z
    UUID: abb93264122dc2eb6da3ac77957978dda3ceb3521ab52cdff8490b23eaf791c1

As a double milestone (the turn of the year and the next order of magnitude), this is a good opportunity to look into what’s become of the Sigstore ecosystem since its inception. Throughout the last year, we’ve seen a lot of different initiatives, new types of signatures added, tools, major features, and more from the whole community.

Spooky Updates for Sigstore!

October is almost done, so it’s time for another update! The supply chains are clearly haunted, so this one has a spooky theme. The community is still growing quickly, and the fancy new “Contributor Strength” dashboard reflects it! In other numbers, we’re at 820 commits from 85 committers, and our Slack channel has reached 710 members! Keep the PRs coming, everyone! The Sigstore talk at KubeCon went very well, and the Sigstore booth was a huge success!

Sigstore project update — September 2021

Well, another month has passed and, as usual in the sigstore world, a lot has happened! Since our last update in August, we have more than double the number of contributors working on sigstore! There has been a leap from 46 to 98! Wow!

KubeCon NA 2021

sigstore will be at KubeCon North America with its own booth, so if you’re at the event in person, come and say hi! We will be at booth number S86.

Sigstore Project Update — August 2021

Welcome to our project update for August. As always, the community is continuing to expand. We are now close to 600 members in our Slack workspace. We now have 46 contributors and are growing each day. The month of August saw 254 commits, and 526k lines of code were changed! Lots of exciting things are happening; read on for our project updates and our presence at KubeCon NA. cosign Cosign hit 1.

It’s ten o’clock, do you know where your private keys are?

Short-lived certificates are great — a short lifetime removes the need for complicated revocation policies and reduces an attacker’s window of opportunity. Yet using short-lived certificates in the software supply chain brings a lifetime problem: how can users trust artifacts after the certificate’s expiration? Repeatedly signing artifacts and requesting certificates is tedious. Really, distributors only need to prove that artifacts were signed when the certificate was valid… with timestamps! Enter SigStore’s new, free, open-source RFC 3161 timestamping service on the transparency log Rekor!