History and Research

Over 100 contributors have pushed over 2,800 commits to Sigstore since its founding. Contributors to the project represent over 20 different organizations, including Red Hat, Google, Chainguard, Purdue University, VMware, Twitter, Citi, Charm, Anchore, and Iron Bank. Today, Sigstore Cosign has over 2,300 GitHub Stars and Sigstore Rekor has more than 3 million log entries. Today, there are over 1,200 active members on the public Slack channel, and many contributors and end users regularly attend Sigstore community meetings.

The Sigstore Rekor project was initiated by Luke Hinds with Red Hat as the founding company in mid-2020. Later, Bob Callaway and Dan Lorenc joined as co-founders of the Sigstore project, which launched in March 2021 with the three major projects of Rekor, Fulcio, and Cosign. Sigstore became a Linux Foundation project on March 9, 2021, citing founding members that include Red Hat, Google, and Purdue University. On July 28, 2021, the 1.0 version of Cosign was released, and the community is currently planning a general availability of Sigstore.

Relevant Research

Academic and industry research related to software supply chain security, transparency, reproducibility, and more:

Sigstore and Programming Language Communities

Resources for Learning More

As a living open source project with an engaged community, there are a number of sites and platforms you can navigate to for updated information on Sigstore:

Edit this page on GitHub Updated at Thu, Feb 2, 2023