Tag: sigstore

  • Implementing Containers’ Secure Supply Chain with Sigstore Part 3 – Ephemeral Keys and Artifact Promotion

    Implementing Containers’ Secure Supply Chain with Sigstore Part 3 – Ephemeral Keys and Artifact Promotion

    In the last post of the series about Sigstore, I will look at the most exciting part of the implementation – ephemeral keys, or what the Sigstore team calls keyless signing. The post will go over the second and third scenarios I outlined in Implementing Containers’ Secure Supply Chain with Sigstore Part 1 – Signing…

    , ,
    , , , ,
  • Implementing Containers’ Secure Supply Chain with Sigstore Part 1 – Signing with Existing Keys

    Implementing Containers’ Secure Supply Chain with Sigstore Part 1 – Signing with Existing Keys

    Today, the secure supply chain for software is on top of mind for every CISO and enterprise leader. After the President’s Executive Order (EO), many efforts were spun off to secure the supply chain. One of the most prominent is, of course, Sigstore. I looked at Sigstore more than a year ago and was excited…

    , ,
    , , , ,