Tag: sigstore

• PyPI's Sigstore-powered attestations are now generally available
• Fulcio Streamlines Onboarding for CI Identity Providers
• Announcing sigstore-java 1.0
• cosign Verification of npm Provenance, GitHub Artifact Attestations, and Homebrew Provenance
• Announcing SigstoreCon: Supply Chain Day
• sigstore-go verification and signing now in beta
• Homebrew's Sigstore-powered provenance is in beta
• Sigstore Announcement: New TUF Trust Root and Client Compatibility
• Sigstore - An OpenSSF Graduated Project
• Sigstore February Roundup
• Sigstore January Roundup
• Sigstore November Roundup
• OpenPubkey and Sigstore
• Announcing sigstore-go
• npm's Sigstore-powered provenance goes GA
• Announcing sigstore-python 2.0
• Trusted Time in Sigstore
• Sigstore Announcement: No Longer Publishing Cosign Releases to GCS Bucket
• Announcing the Sigstore Clients Special Interest Group (sig-clients)
• Bringing Privacy and Security Full Circle Through Automated Authentication
• Sigstore Support in npm launches for Public Beta
• Cosign 2.0 Released!
• Cosign and Policy-controller with GKE, Artifact Registry and KMS
• Towards Easier, More Secure Signature Technology for the Java Ecosystem with Sigstore
• Sigstore January Roundup
• A Guide to Running Sigstore Locally
• Announcing the 1.0 release of sigstore-python
• Why you can’t use Sigstore without Sigstore
• Sigstore December Roundup
• How to become the next Sigstore Evangelist?
• Securing Your Software Supply Chain Without Changing Your DevOps Workflow
• Signatus, ergo securus? Who can sign what with TUF and Sigstore
• New Sigstore Landscape: Add your signed project
• Using Sigstore to meet FedRAMP Compliance at Autodesk
• 'Sigstore: Software Signing For Everybody' has been published in the proceedings of the ACM Computer and Communications Security Conference
• Sigstore November Roundup
• Security by Default: How Verizon New Business Incubation Uses Sigstore to Demonstrate Provenance and Improve Customer Confidence
• Sigstore Announces General Availability for Rekor and Fulcio
• Sigstore Proves That Effective Supply Chain Security Doesn’t Have to Hurt
• Sigstore October Roundup
• How Sigstore quickly patched an upstream vulnerability
• Contribute to Sigstore during Hacktoberfest 2022!
• A New Look for Sigstore
• SigstoreCon Program Announced
• Sigstore Update — September 2022
• Signing and Securing Confidential Kubernetes Clusters in the Cloud with Sigstore
• Verify cosign signatures in go using sigstore/sigstore
• Sigstore Update — August 2022
• Adopting Sigstore Incrementally
• Is Sigstore Ready for a Post-Quantum World?
• sigstore, blockchain vs transparency logs
• Privacy in Sigstore
• How to verify container images with Kyverno using KMS, Cosign, and Workload Identity
• Don’t Panic: A Playbook for Handling Account Compromise with Sigstore
• Sigstore ❤ Ruby!
• Sigstore: Bring-your-own sTUF with TUF
• Celebrating 1,000,000 entries in Rekor
• Spooky Updates for Sigstore!
• Sigstore project update — September 2021
• Sigstore Project Update — August 2021
• It’s ten o’clock, do you know where your private keys are?
• Cosign 1.0!
• Cosign 1.0
• Sigstore June Update!
• A New Kind of Trust Root
• What’s Next for Sigstore?
• The Update Framework and You
• How to Sign a Release of OSS
• Cosign Image Signatures
• Cosign — Signed Container Images
• A Safer curl | bash ?
• Sigstore Project Update — April 2021
• SSH is the new GPG