@projectsigstore profile picture
sigstore @projectsigstore

sigstore is a non-profit , public good software signing service funded under the OpenSSF. sigstore.dev sigstore@infosec.exchange

Joined March 2021
  • Tweets 1,037
  • Following 1
  • Followers 4,085
56 Photos and videos
sigstore retweeted
Wolf Vollprecht@wolfvollprecht
12 Jun 2025
Cosign is a useful tool when signing containers by @projectsigstore / @openssf / @linuxfoundation - now it's really easy to install on Windows, macOS and Linux with pixi :)
prefix.dev@prefix_dev
12 Jun 2025
Interested in Software Supply Chain Security? We are! That's why we helped to get `cosign` on conda-forge: `cosign` can be used to sign container images or other artifacts with `sigstore`, and you can now easily install it with `pixi global install cosign` 🎉
2
9
1,068
sigstore retweeted
OpenSSF@openssf
4 Apr 2025
📣 Announcing v1.0 of the model-signing project, developed by the #OpenSSF AI/ML WG! This project enables signing verifying ML models of any size/format using #sigstore, self-signed certs, or key pairs. Read the blog to learn more & get involved: openssf.org/blog/2025/04/04/…
4
13
1,057
sigstore retweeted
Bob Callaway@rdcallaw
30 Jan 2025
Replying to @projectsigstore
@projectsigstore signatures are now validated and distributed by Maven Central! sonatype.com/blog/central-pu…

Validate Sigstore Signatures in Central Publisher Portal

Central Publisher Portal now validates Sigstore signatures, strengthening software supply chain security.

sonatype.com
3
7
481
sigstore retweeted
Jordi Mon Companys@JordiMonPMM
14 Nov 2024
Wow @pypi now supports @projectsigstore 💪🏻 blog.pypi.org/posts/2024-11-…

PyPI now supports digital attestations - The Python Package Index Blog

Announcing support for PEP 740 on the Python Package Index

blog.pypi.org
3
11
812
sigstore retweeted
OpenSSF@openssf
12 Nov 2024
🏅 With the support of @chainguard_dev as a Gold Sponsor, #SigstoreCon is building a stronger foundation for secure software supply chains. 🙏 Thank you, Chainguard! Join us today: events.linuxfoundation.org/s… #SupplyChainSecurity

SigstoreCon Supply Chain Day | LF Events

Join us for SigstoreCon! Attendees will learn about Sigstore, simplifying signing & verification for digital artifacts, software supply chain efforts & more!

events.linuxfoundation.org
1
3
10
1,024
sigstore retweeted
OpenSSF@openssf
12 Nov 2024
✨ Grateful for @StacklokHQ as a Gold Sponsor of #SigstoreCon! With their support, we’re pushing the boundaries of open source and supply chain security together. Join us today: events.linuxfoundation.org/s… #SupplyChainSecurity
1
1
3
488
sigstore retweeted
OpenSSF@openssf
12 Nov 2024
Huge thanks to @GoogleOSS for being a Platinum Sponsor of SigstoreCon! Their support for open source and supply chain security continues to drive the industry forward. 💪 #SigstoreCon #SupplyChainSecurity events.linuxfoundation.org/s…
4
5
869
🚨 SigstoreCon: Supply Chain Day is almost here! Register now to join us on Nov 12 in Salt Lake City for a day of talks about Sigstore, SLSA, SBOMs, and more! events.linuxfoundation.org/s…

Register | LF Events

Register Now! The registration deadline is 12:59pm Mountain Standard Time on the respective date. Quick Note: We never sell attendee lists or contact information, nor do we authorize others to do so.

events.linuxfoundation.org
1
5
427
Join us at SigstoreCon: Supply Chain Day on Nov 12, co-located with KubeCon NA in SLC! Registration includes a day of engaging talks, lunch, and swag! events.linuxfoundation.org/s…

Register | LF Events

Register Now! The registration deadline is 12:59pm Mountain Standard Time on the respective date. Quick Note: We never sell attendee lists or contact information, nor do we authorize others to do so.

events.linuxfoundation.org
5
7
683
Announcing the schedule for SigstoreCon: Supply Chain Day! We're looking forward to talks on Sigstore development, package registry security, SBOMs, TUF, and more! Register now for Nov 12, co-located with Kubecon NA in Salt Lake City events.linuxfoundation.org/s…

Schedule | LF Events

All session times are listed below in Mountain Standard Time (MST), UTC-7. To view the schedule in your preferred timezone, please select from the drop-down located at the bottom of the menu to the…

events.linuxfoundation.org
6
14
2,267
⏰ Reminder that the CFP for SigstoreCon closes tomorrow, September 18! events.linuxfoundation.org/s…

Call For Proposals (CFP) | LF Events

SigstoreCon is a one-day conference dedicated to Sigstore and software supply chain security. SigstoreCon will be a vendor-neutral conference dedicated to collaboration and learning about not only…

events.linuxfoundation.org
4
7
694
The CFP deadline for SigstoreCon has been extended to Wednesday, September 18, 2024 at 11:59 pm Mountain Daylight Time (UTC-6). events.linuxfoundation.org/s…

Call For Proposals (CFP) | LF Events

SigstoreCon is a one-day conference dedicated to Sigstore and software supply chain security. SigstoreCon will be a vendor-neutral conference dedicated to collaboration and learning about not only…

events.linuxfoundation.org
5
6
1,101
Reminder, the CFP for SigstoreCon closes on this Friday, September 13, 2024 at 11:59 pm Mountain Daylight Time (UTC-6) / 10:59 pm Pacific Daylight Time events.linuxfoundation.org/s…

Call For Proposals (CFP) | LF Events

SigstoreCon is a one-day conference dedicated to Sigstore and software supply chain security. SigstoreCon will be a vendor-neutral conference dedicated to collaboration and learning about not only…

events.linuxfoundation.org
2
282
⏰ Reminder folks, the CFP deadline is Sept 13, please submit your talks before then! events.linuxfoundation.org/s…

Call For Proposals (CFP) | LF Events

SigstoreCon is a one-day conference dedicated to Sigstore and software supply chain security. SigstoreCon will be a vendor-neutral conference dedicated to collaboration and learning about not only…

events.linuxfoundation.org
3
5
1,377
sigstore retweeted
Stacklok@StackLokHQ
3 Sep 2024
On our last Securi-Taco Tuesday @puerco welcomed @rdcallaw & @haydentherapper from @Google's Open Source Security Team (GOSST) on to chat about how code signing and @projectsigstore secure the software supply chain. Read the recap & watch the replay here: stacklok.com/blog/securi-tac…
7
9
1,160
TSC Member @rdcallaw and community chair @haydentherapper from the Google OS Sec Team chatted with @puerco on the @StackLokHQ hosted 🌮 Securi-Taco Tuesdays 📺show. Lot's on sigstore and & software supply chain security. Catch it here: youtube.com/watch?v=JwfTCeBk…

Securi-Taco Tuesdays: Trust and Verify: How Code Signing & Sigstore...

Stacklok presents Securi-Taco Tuesdays with guest speakers from Goo...

youtube.com
2
5
461
sigstore retweeted
OpenSSF@openssf
14 Aug 2024
📣 Join us for SigstoreCon: Supply Chain Day! 📍Attendees will learn about simplifying signing & verification for digital artifacts using Sigstore, as well as related software supply chain efforts such as SLSA, and more! Learn more: openssf.org/blog/2024/08/14/… #OSSSecurity
1
8
14
1,122
Join us for SigstoreCon: Supply Chain Day! Co-located with Kubecon NA 2024 in Salt Lake City. CFP now open events.linuxfoundation.org/s…

SigstoreCon Supply Chain Day | LF Events

Join us for SigstoreCon! Attendees will learn about Sigstore, simplifying signing & verification for digital artifacts, software supply chain efforts & more!

events.linuxfoundation.org
7
14
1,152
sigstore retweeted
Jordi Mon Companys@JordiMonPMM
31 Jul 2024
Powered by @projectsigstore
April Yoho@TheAprilYoho
31 Jul 2024
Secure your cloud-native supply chain with #GitHub Artifact Attestations. Confirm your builds are actually what you want to build! P.S. You can also achieve SLSA v1 Build Level 3 gh.io/AttestationsBlog #cloudnative #supplychain #developer #secured
1
1
3
517
sigstore retweeted
Luke Hinds
@decodebytes
1 Aug 2024
Thank you @openuk_uk for the beautiful glass engraved award accepted on behalf of @projectsigstore and @controlplaneio for sponsoring the security category ❤️
3
5
21
1,068
Load more