SigstoreCon: Supply Chain Day is almost here! Register now to join us on Nov 12 in Salt Lake City for a day of talks about Sigstore, SLSA, SBOMs, and more! Swag, lunch, and snacks are included as well! https://lnkd.in/eYUBFWd4
sigstore
Computer and Network Security
A non-profit, public good, software cryptographic signing service
About us
sigstore ("Sign and Store") is a Linux Foundation project with the goal of providing a public good / non-profit service to improve the open source software supply chain by easing the adoption of cryptographic software signing, backed by transparency log technologies. sigstore will seek to empower software developers to securely sign software artifacts such as release files, container images, binaries, bill of materials manifests and more. Signing materials are then stored in a tamper-resistant public log. sigstore will be free to use for all developers and software providers, with sigstore’s code and operation tooling being 100% open source and maintained / developed by the sigstore community.
- Website: https://sigstore.dev
- Industry: Computer and Network Security
- Company size: 2-10 employees
- Headquarters: London
- Type: Public Company
- Founded: 2021
Locations
- Primary: London, GB
Updates
- Announcing the schedule for SigstoreCon: Supply Chain Day! We're looking forward to talks on Sigstore development, package registry security, SBOMs, TUF, and more! Register now for SigstoreCon on Nov 12, co-located with Kubecon NA in Salt Lake City. https://lnkd.in/gvYfbPjR
  - Schedule | SigstoreCon (events.linuxfoundation.org)
- Join us for SigstoreCon: Supply Chain Day! Co-located with Kubecon NA 2024 in Salt Lake City, attendees will learn about simplifying signing and verification for digital artifacts using Sigstore, as well as related software supply chain efforts such as SLSA, The Update Framework, binary transparency, and more! CFP deadline is September 13. Register for SigstoreCon on https://lnkd.in/dzrqtmQ6 !
  - SigstoreCon Supply Chain Day | LF Events (events.linuxfoundation.org)
- sigstore reposted this: The public beta of Artifact Attestations on GitHub, powered by OpenSSF's sigstore project, helps developers create tamper-proof links between software artifacts and their source code. Read this guest blog by Trevor Rosen to learn more: https://lnkd.in/eJFbz3e4 #OSSSecurity
  - Introducing Artifact Attestations—Now in Public Beta (https://openssf.org)
- sigstore reposted this: Yesterday, GitHub announced an important new security feature called GitHub Artifact Attestations. It's powered by sigstore (a technology created by our CTO, Luke Hinds) and it helps developers generate and verify signed attestations for anything made with GitHub Actions. 👏 👏 We participated in the private beta for this and have already integrated support into Minder. Specifically, you can now use Minder to apply enhanced security policies using the contents of these signed attestations—for example, validating SBOM data like licenses, or verifying the results of an attested security scan. Here are some more details on this feature, and tutorials on how to verify signed attestations and apply policies using attestation data in Minder: https://lnkd.in/gFpZmq8z
- sigstore reposted this: Now in Minder—new ways to increase software artifact security:
  - 1️⃣ Configure custom and private sigstore instances
  - 2️⃣ Use additional policy parameters for more expressive provenance checks
  - 3️⃣ Create policies for GitHub Actions security, to protect your artifacts. For example, create allowlists for which actions can run in your repos; restrict Actions permissions; and automatically pin actions to their SHAs (instead of using floating tags).

  Read more about using Minder for artifact security in this post from engineers Radoslav Dimitrov and Jakub Hrozek: https://lnkd.in/gQ5bMaWu
  - 4 ways to secure your software artifacts with Minder (stacklok.com)