Sigstore is now Generally Available

Priya Wadhwa • October 25, 2022

Today at the first-ever SigstoreCon, Sigstore announced its general availability. Sigstore now delivers a 99.5% uptime SLO and round-the-clock pager support, which many of our Chainguardians will actively participate in. In the face of increasing supply chain security concerns, this next phase for Sigstore will provide open source communities and enterprises of all sizes with access to production-grade stable services for artifact signing and verification.

Sigstore is one of the most rapidly adopted open source technologies because of its developer-friendly method for signing, verifying and protecting software. Recently, GitHub announced its intent for all npm packages, of which there are more than one million, to start using Sigstore. This is just the latest in a growing number of announcements from Python, Rust, Kubernetes and more about adopting Sigstore’s free wax seal of software authenticity. These milestones are a testament to the commitment and hard work happening across the Sigstore community and a very positive signal from open source software projects and maintainers about their commitment to software security.

What’s new in Sigstore GA?

With today’s announcement, Sigstore’s public benefit services, the Fulcio certificate authority and the Rekor transparency log, are generally available. Sigstore services allow for easy signing and verification of open source software, and are already integrated into tools like Sigstore’s cosign, Tekton Chains, and services like GitHub Actions. Now that Fulcio and Rekor are production grade, language package managers like RubyGems and npm can confidently integrate with Sigstore for their signing needs and increase adoption. Visit the Rekor and Fulcio GitHub repositories to learn more about how to use their APIs.

We hope this milestone for Sigstore services will empower not only more open source projects but enterprises of all sizes to adopt Sigstore to further secure their software supply chains. 

Get started with Sigstore today!

Last month, we launched Chainguard Academy, the first open source and interactive educational platform designed for software supply chain security. Chainguard Academy offers an interactive terminal sandbox to get hands-on and experiment with tooling like Sigstore right from the browser. We’ve created tutorials for core components of Sigstore:

  • How to Sign an SBOM with Cosign
  • How to Inspect and Verify Fulcio Certificates
  • How to Sign and Upload Metadata to Rekor
  • How to Keyless Sign a Container Image with Sigstore

And don’t forget to sign up to take the Sigstore edX course, designed in partnership with The Linux Foundation. 

Sigstore is one of those foundational technologies that can change the culture of software development, which is what we’re doing at Chainguard. We’re making software secure by default with tools like Sigstore, SLSA and more so that software developers can build in, not bolt on, security measures, and companies can improve overall software security hygiene.

More information about Sigstore is available on the website. To follow along with the community’s latest updates and progress, join the Sigstore Slack channel or mailing list.

Congrats Team Sigstore!