Sigstore is an open source initiative designed to make software artifact signing and verification simple, automatic, and widely accessible. Its primary goal is to improve software supply chain security by enabling developers and organizations to cryptographically prove the origin and integrity of the software they build and distribute.

At its core, Sigstore removes many of the traditional barriers associated with code signing. Instead of managing long-lived private keys manually, Sigstore supports keyless signing, where identities are issued dynamically using OpenID Connect (OIDC) providers such as GitHub Actions, Google, or Microsoft. This dramatically lowers operational complexity and reduces the risk of key compromise.

The Sigstore ecosystem is composed of several key components:

- Cosign: A tool for signing, verifying, and storing signatures for container images and other artifacts. Signatures are stored alongside artifacts in OCI registries, rather than embedded in them.

- Fulcio: A certificate authority that issues short-lived X.509 certificates based on OIDC identities, enabling keyless signing.

- Rekor: A transparency log that records signing events in an append-only, tamper-evident ledger. This provides public auditability and detection of suspicious or malicious signing activity.

Together, these components allow anyone to verify who built an artifact, when it was built, and whether it has been tampered with, using publicly verifiable cryptographic proofs. This aligns closely with modern supply chain security practices such as SLSA (Supply-chain Levels for Software Artifacts).

Sigstore is widely adopted in the cloud-native ecosystem and integrates with tools like Kubernetes, container registries, CI/CD pipelines, and package managers. It is commonly used to sign container images, Helm charts, binaries, and SBOMs, and is increasingly becoming a baseline security requirement for production software delivery.

The project is governed by the OpenSSF (Open Source Security Foundation) and supported by major industry players.