Sigstore Is A New And Free Code Signing Service By Linux Foundation

Sigstore will enable developers to sign their development process, ensuring that files carry strong, tamper-proof encryption.

The Linux Foundation today announced the sigstore project. Founding members include Red Hat, Google and Purdue University. Sigstore improves the security of the software supply chain by enabling the easy adoption of cryptographic software signing backed by transparency log technologies.

An inherent weakness of open source code is that it’s difficult to determine its provenance and how it was built. That means that it’s prone to supply chain attacks.

Installing most open source software today is equivalent to picking up a random thumb-drive off the sidewalk and plugging it into your machine. Regarding sigstore, you can think of it like Let’s Encrypt for Code Signing.

Google Security Blog

Sigstore protects software origins

The project will empower software developers to securely sign software artifacts such as release files, container images and binaries. Signing materials are then stored in a tamper-proof public log. The service will be free to use for all developers and software providers, with the sigstore code and operation tooling developed by the sigstore community.

It will also use transparent logging technologies to make it easier to trace the “provenance, integrity, and discoverability” of the software supply chain. This makes it easier for both project owners and contributors to trust and monitor changes.

I am very excited about sigstore and what this means for improving the security of software supply chains. Sigstore is an excellent example of an open source community coming together to collaborate and develop a solution to ease the adoption of software signing in a transparent manner.

Luke Hinds, Security Engineering Lead at Red Hat

In short, sigstore could provide software developers with an easier-to-use and free option for protecting the important files associated with a project. Developers can use sigstore to sign release files, binaries, manifests, documents, logs, and more.

For more information, check the project’s website.

Bobby Borisov

Bobby, an editor-in-chief at Linuxiac, is a Linux professional with over 20 years of experience. With a strong focus on Linux and open-source software, he has worked as a Senior Linux System Administrator, Software Developer, and DevOps Engineer for small and large multinational companies.
