Driven forward by community

As a community, we believe in the values of open source software and seek to secure software supply chains. We've built Sigstore to be an easy-to-adopt, easy-to-use software signing solution. Secure software benefits everyone.

Google sponsor logoLinux Foundation sponsor logoChainguard sponsor logoRedHat sponsor logoPurdue University sponsor logoStacklok sponsor logo

The Sigstore story

Sigstore began as a collaboration between Red Hat and Google's Open Source Security Team to design technologies for signing and verifying code. The team created freely available, automated solutions for developers to sign their releases and to verify the provenance of all software.

Sigstore is now developed by an engaged open source community with support from the Linux Foundation. Sigstore's active community pursues the goal of creating and maintaining an industry-standard solution for signing and verifying software.



Recent Sigstore updates



Initiatives

Want to get involved?

Join our working group image

Join our working group

Questions, answers and what we’re working on as it happens. Come join us on Slack to get help or help out, and be right there where the action’s happening.

Join us on Slack
Share your stories image

Share your stories

Already working with Sigstore? Sharing and self-reporting helps us track community health, the state of the tooling and how it’s all being used.

Leave a user story
Attend a community meeting image

Attend a community meeting

We typically have a community-wide meeting on the third Tuesday of every month @ 16:30 UTC time. Additional meetings for specific initiatives occur throughout the month.

Check our community calendar