The SigstoreCon call-for-papers closed last month and the program committee has been busy ranking the 23 great submissions received. Many thanks to all who submitted talks. And thanks to our program committee members: Priya Wadhwa, Lily Sturman, Appu Goundan, Jacques Chester, and Batuhan Apaydin.
The program will be announced on September 13. We hope to see you at SigstoreCon our first official event, on October 25 in Detroit, in co-location with KubeCon + CloudNativeCon North America. Register here.
For the first time, we will be hosting Sigstore Awards! The awards are to recognize the wonderful work that you all put into this community to make Sigstore the standard for signing, verifying and protecting software.
We will be giving out three awards and the winners will be nominated by the community and winner selected by the Sigstore Technical Steering Committee.
Nominations are now open and will close on September 20.
Please nominate folks here 👇
The Award Ceremony will take place at SigstoreCon in Detroit on October 25.
Sigstore Case Study
In case you missed it we had a recent Sigstore case study, check it out if you are interested in why organizations are looking to adopt Sigstore:
- Signing and Securing Confidential Kubernetes Clusters in the Cloud with Sigstore by Fabian Kammel of Edgeless Systems
NPM + Sigstore: A first look at sigstore-js
Big new release of sigstore-rs for Rust
This month saw a big release of the sigstore-rs library for rustlang. The 0.4.0 release included some major new features including:
- Full rekor OpenAPI client code
- Crypto key interface
Many thanks to all contributors, including our new contributors:
Other New Releases
Sigstore is currently on version 1.4.0!
Thank you and welcome to our new contributors:
Cosign is container signing, verification and storage in an OCI registry. Its latest release is v1.11.1.
Thank you and welcome to its most recent contributors:
Fulcio issues code-signing certificates bound to OpenID Connect identities for use within the Sigstore ecosystem. Its most recent release is v0.5.3 from August 23.
Thank you and welcome to our newest contributor:
Keyless Git signing with Sigstore! Its latest release is v0.3.0 which features .gitconfig support as well as experimental support for Git based attestations — store attestations about your code directly in your repository! (note: This is not yet included in the main
gitsign binary and is not available as a downloadable release artifact - please install from source).
Check out this recent office hours where Billy Lynch demos the new gitsign attest functionality.
Rekor’s aims to provide an immutable tamper-resistant ledger of metadata generated within a software projects supply chain. Its latest release v0.11.0 was on August 19.
Thank you and welcome Rekor’s newest contributor: Samsondeen.
Get Involved & Good First Issues
As always, we truly welcome contributors and users to our community. We take pride in being friendly to new folks and fostering a welcome and safe environment. Being a large open source project, there is always so much to do, not all of them being complex coding tasks. Valued contributions include: helping with documentation, general testing, and sharing your love of Sigstore with others. We recently highlighted some ‘good first issues’ for those looking for a good place to get started:
Come and join our Slack workspace and say hello!