This month’s spotlight focuses on the Sigstore project. Digital signatures play a critical role in the software supply chain, by providing verifiable attributes of authentication, integrity, and non-repudiation of artifacts…
Read More
The primary activity for The Linux Foundation projects is open collaboration on technical challenges that deliver tangible improvements for developers, companies, industries, and society at large. The focus we’ve always…
Read More
Today at SigstoreCon, the Sigstore community announced the general availability of its free software signing service giving open source communities access to production-grade stable services for artifact signing and verification.…
Read More
This year SigstoreCon will be hosted for the first time! The one-day event will take place on October 25, in Detroit Michigan, in co-location with KubeCon + CloudNativeCon North America.…
Read More
We’re excited to report the results of two security audits, one for Sigstore and one for slf4j. The goal of security audits is to find vulnerabilities so they can be…
Read More
To make it easier to use Sigstore’s toolkit to its full potential, OpenSSF and Linux Foundation Training & Certification released a free online training course, Securing Your Software Supply Chain…
Read More