Sigstore

Feb 5, 2021

Sigstore is a provenance store that is immutable and read-only. Sigstore’s immutability guarantees that any data entered into Sigstore cannot be tampered with or amended after entry.

This makes Sigstore particularly well suited to the transparency of software supply chains. Actors (developers, software maintainers, build / packaging systems) can make entries into Sigstore, which can then be queried by auditors, packaging systems and researchers for ‘inclusion’ and tamper-free state.

Project Site

https://sigstore.dev/

Project Source Code

https://github.com/sigstore/rekor

Project Contact

Luke Hinds

Sr. Principal Software Engineer and Security Technical Team Lead