Dark Reading

Linux Foundation Debuts Sigstore Project for Software Signing

The Linux Foundation today announced its launch of Sigstore, a new nonprofit initiative that aims to improve open source software supply chain security by making it easier for developers to adopt ...
VentureBeat

Free digital signing service aims to bolster software supply chain security

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More The bulk of code in today’s modern software artifacts is open-source in ...
CSOonline

New free software signing service aims to strengthen open-source ecosystem

The Linux Foundation's sigstore code-signing software, developed with Google, Red Hat and Purdue University, will help prevent attacks on the software supply chain. The Linux Foundation has launched a ...
InfoWorld

Sigstore: Roots of trust for software artifacts

Sigstore has become the default software signing method for everything from Kubernetes to NPM, Maven, and PyPi, verifying the integrity of more than a million open source packages. For the roughly ...