Overview
Learn about the evolution of Sigstore from a single CLI tool to a comprehensive ecosystem in this 29-minute conference talk from GitHub's Cody Soyland. Discover how Sigstore democratizes software signatures and attestations through its three core components: Fulcio (a free public certificate authority), Rekor (a transparency log), and Cosign (a signing tool). Explore the development of the Sigstore Bundle format and its role in enabling interoperability for detached attestations. Understand how language integrations like sigstore-js and sigstore-python are expanding possibilities in package managers, CI workflows, and policy enforcement tools, creating a more secure foundation for FOSS supply chains.
Syllabus
From Cosign to an Ecosystem: The Evolution of Sigstore - Cody Soyland, GitHub
Taught by
OpenSSF