
Content

Updates and recent posts about Sigstore.
Link
@anjali shared a link, 1 year, 1 month ago
Customer Marketing Manager, Last9

A Practical Guide to Monitoring Ubuntu Servers

Learn how to set up effective monitoring for your Ubuntu servers, from basic to advanced strategies, to keep your systems running smoothly.

logging
Story
@mikewilsonn shared a post, 1 year, 1 month ago
Content Strategist, SunTec India

How US Businesses Are Leveraging Dedicated .NET Developers for Enterprise Success

Discover why US enterprises choose .NET development services and how hiring dedicated .NET developers delivers ROI through enhanced performance, security, and innovation capabilities.

.NET Developers
Story
@richkurtzman shared a post, 1 year, 1 month ago
Brand Communications, @fathymit

Lessons learned working from home at a new company

Working from home is great and all, but there are some downsides, too.

Story
@hmquan08011996 shared a post, 1 year, 1 month ago

Kubernetes Practice — Logging with Logstash and FluentD by Sidecar Container

Create a file named filebeat.cm.yaml to store the Filebeat configuration file...

Story
@jaziel-lopez shared a post, 1 year, 1 month ago
Thermofisher

First post ever: the importance of adapting to change

I'd like to start by thanking you for reading my first post on this platform. I truly appreciate your time. Since this is the first post I did not want to go technical at all and it should not be a large post. Most likely I want to express about the importance of being able to cope with changes in our ..

Story
@ygnys shared a post, 1 year, 1 month ago
gitlive

Top 5 Git Tips & Tricks

Becoming a Git power-user is on the bucket list of every developer. Today we prepared 5 Git tips that will help you level up your workflow and bring you one step closer to Git mastery.

Story
@thecloudpilot shared a post, 1 year, 1 month ago
Customer Engineer, Google Cloud Premier Partner

Istio Service Mesh 101

Learn the basics of Istio Service Mesh and gain hands-on experience.

Link
@checkmateq shared a link, 1 year, 1 month ago
Checkmate Global Technologies

Storage Classes and Object Life Cycle Management in Google Cloud Storage

Story
@sshnaidm shared a post, 1 year, 1 month ago
Principal Software Engineer, Red Hat

Ansible GPT — callback plugin with OpenAI for Ansible tasks and playbooks

ChatGPT GPT Ansible Python

Tutorial on how to write your own Ansible Callback plugin and leverage OpenAI for Ansible code analysis.

Story
@sshnaidm shared a post, 1 year, 1 month ago
Principal Software Engineer, Red Hat

Enhancing Ansible Lint with OpenAI: Writing Your Own Custom Rule

Analyze your Ansible code with Ansible lint and OpenAI/ChatGPT with your own rule.

Sigstore is an open source initiative designed to make software artifact signing and verification simple, automatic, and widely accessible. Its primary goal is to improve software supply chain security by enabling developers and organizations to cryptographically prove the origin and integrity of the software they build and distribute.

At its core, Sigstore removes many of the traditional barriers associated with code signing. Instead of managing long-lived private keys manually, Sigstore supports keyless signing, where identities are issued dynamically using OpenID Connect (OIDC) providers such as GitHub Actions, Google, or Microsoft. This dramatically lowers operational complexity and reduces the risk of key compromise.

The Sigstore ecosystem is composed of several key components:

- Cosign: A tool for signing, verifying, and storing signatures for container images and other artifacts. Signatures are stored alongside artifacts in OCI registries, rather than embedded in them.

- Fulcio: A certificate authority that issues short-lived X.509 certificates based on OIDC identities, enabling keyless signing.

- Rekor: A transparency log that records signing events in an append-only, tamper-evident ledger. This provides public auditability and detection of suspicious or malicious signing activity.

Together, these components allow anyone to verify who built an artifact, when it was built, and whether it has been tampered with, using publicly verifiable cryptographic proofs. This aligns closely with modern supply chain security practices such as SLSA (Supply-chain Levels for Software Artifacts).

Sigstore is widely adopted in the cloud-native ecosystem and integrates with tools like Kubernetes, container registries, CI/CD pipelines, and package managers. It is commonly used to sign container images, Helm charts, binaries, and SBOMs, and is increasingly becoming a baseline security requirement for production software delivery.

The project is governed by the OpenSSF (Open Source Security Foundation) and supported by major industry players.