Skip to content
@sigstore

sigstore

Software Supply Chain Security
README.md
sigstore logo

Sign. Verify. Protect. Making sure your software is what it claims to be.

Learn more at https://sigstore.dev/

Pinned Loading

  1. cosign cosign Public

    Code signing and transparency for containers and binaries

    Go 5.2k 615

  2. fulcio fulcio Public

    Sigstore OIDC PKI

    Go 749 157

  3. rekor rekor Public

    Software Supply Chain Transparency Log

    Go 995 182

  4. sigstore-rs sigstore-rs Public

    An experimental Rust crate for sigstore

    Rust 199 61

  5. sigstore-python sigstore-python Public

    A Sigstore client written in Python

    Python 287 62

  6. sigstore-java sigstore-java Public

    java clients for sigstore

    Java 63 24

Repositories

Showing 10 of 63 repositories
  • root-signing-staging Public

    Staging TUF repository for Sigstore trust root

    sigstore/root-signing-staging’s past year of commit activity
    10 Apache-2.0 9 7 1 Updated Aug 26, 2025
  • policy-controller Public

    Sigstore Policy Controller - an admission controller that can be used to enforce policy on a Kubernetes cluster based on verifiable supply-chain metadata from cosign

    sigstore/policy-controller’s past year of commit activity
    Go 142 65 57 9 Updated Aug 26, 2025
  • rekor Public

    Software Supply Chain Transparency Log

    sigstore/rekor’s past year of commit activity
    Go 995 Apache-2.0 182 72 9 Updated Aug 26, 2025
  • cosign Public

    Code signing and transparency for containers and binaries

    sigstore/cosign’s past year of commit activity
    Go 5,161 Apache-2.0 615 249 (1 issue needs help) 17 Updated Aug 26, 2025
  • sigstore Public

    Common go library shared across sigstore services and clients

    sigstore/sigstore’s past year of commit activity
    Go 488 Apache-2.0 140 19 8 Updated Aug 26, 2025
  • sigstore-devops-tools Public

    Tools & services used to help in the development flow of sigstore

    sigstore/sigstore-devops-tools’s past year of commit activity
    Go 6 Apache-2.0 3 0 0 Updated Aug 26, 2025
  • rekor-tiles Public

    Signature Transparency Log designed for ease of use, low cost, and minimal maintenance

    sigstore/rekor-tiles’s past year of commit activity
    Go 18 Apache-2.0 8 58 3 Updated Aug 26, 2025
  • rekor-monitor Public

    Log monitor for Rekor to verify immutability and monitor entries

    sigstore/rekor-monitor’s past year of commit activity
    Go 38 Apache-2.0 32 15 2 Updated Aug 26, 2025
  • sigstore-js Public

    Code-signing for npm packages

    sigstore/sigstore-js’s past year of commit activity
    TypeScript 167 Apache-2.0 30 5 10 Updated Aug 26, 2025
  • root-signing Public

    TUF repository for Sigstore trust root

    sigstore/root-signing’s past year of commit activity
    Makefile 107 Apache-2.0 87 21 1 Updated Aug 26, 2025
View all repositories