Learn about the evolution of Sigstore from a single CLI tool to a comprehensive ecosystem in this 29-minute conference talk from GitHub's Cody Soyland. Discover how Sigstore democratizes software signatures and attestations through its three core components: Fulcio (a free public certificate authority), Rekor (a transparency log), and Cosign (a signing tool). Explore the development of the Sigstore Bundle format and its role in enabling interoperability for detached attestations. Understand how language integrations like sigstore-js and sigstore-python are expanding possibilities in package managers, CI workflows, and policy enforcement tools, creating a more secure foundation for FOSS supply chains.
From Cosign to an Ecosystem - The Evolution of Sigstore
Overview
Syllabus
From Cosign to an Ecosystem: The Evolution of Sigstore - Cody Soyland, GitHub
Taught by
OpenSSF
Related Courses
-
Securing Your Software Supply Chain with Sigstore
-
Zero Trust Supply Chains with Project Sigstore and SPIFFE
-
Software Supply Chain Integrity with Sigstore
-
The Road to SLSA4 - Applying the Sigstore Ecosystem in a Corporate Environment
-
Hands-on Introduction to Sigstore - Securing the Software Supply Chain
-
Sigstore: Evolution and Future of Software Security Signing
