The Sigstore Rekor project was initiated by Luke Hinds with Red Hat as the founding company in mid-2020. Later, Bob Callaway and Dan Lorenc joined as co-founders of the Sigstore project, which launched in March 2021 with the three major projects of Rekor, Fulcio, and Cosign. Sigstore became a Linux Foundation project on March 9, 2021, citing founding members that include Red Hat, Google, and Purdue University. On October 25, 2022, Sigstore was marked publicly available as it announced general availability for Rekor and Fulcio.
Academic and industry research related to software supply chain security, transparency, reproducibility, and more:
- Software Distribution Transparency and Auditability
- Contour: A Practical System for Binary Transparency
- Reproducible Builds: Break a log, good things come in trees
- Dependency Issues: Solving the World’s Open-Source Software Security Problem
- Software Supply-Chain Security Reading List