Computer Weekly

Linux Foundation sigstore finds ‘origins’ in software supply chains

The latest trends and issues around the use of open source software in the enterprise. The Linux Foundation announced the sigstore project this spring. Designed to improves the security of the ...
ZDNet

Linux Foundation announces new open-source software signing service

The just-announced sigstore aims to improve the security of the software supply chain by enabling the easy adoption of cryptographic software signing backed by transparency log technologies. It will ...
Dark Reading

Linux Foundation Debuts Sigstore Project for Software Signing

The Linux Foundation today announced its launch of Sigstore, a new nonprofit initiative that aims to improve open source software supply chain security by making it easier for developers to adopt ...
InfoWorld

Sigstore: Roots of trust for software artifacts

Sigstore has become the default software signing method for everything from Kubernetes to NPM, Maven, and PyPi, verifying the integrity of more than a million open source packages. For the roughly ...