Red Hat today announced a portfolio of cloud services designed to better secure software supply chains. The expanded portfolio includes Red Hat Trusted Application Pipeline to secure continuous integration/continuous delivery (CI/CD) workflows and Red Hat Trusted Content offerings to better secure software components. Announced at the Red Hat Summit, the Red Hat Trusted Software Supply […]
Chainguard Adds Private Edition of Code Signing Platform
Chainguard today added a private preview of a Chainguard Enforce Signing service, enabled by the open source Sigstore project, that allows developers to generate digital signatures for software artifacts using identities and one-time-use keys they create themselves. Kim Lewandowski, head of product for Chainguard, said Chainguard Enforce Signing provides an alternative to relying on a […]
Sigstore Code Signing Service Becomes Generally Available
A free digital signing service for software created by the Sigstore open source community has become generally available this week via the cloud. Announced at the SigstoreCon event that occurred during the KubeCon + CloudNativeCon North America conference, the cloud service makes it possible for developers to both cryptographically sign artifacts and verify that the […]
Google Allies With GitHub to Secure Software Supply Chains
Google today revealed it has been working with GitHub to create a forgery-proof method for signing source code as part of an ongoing effort to better secure software supply chains. Bob Callaway, technology lead for open source software supply chain security at Google, said a prototype of this method, written in the Go programming language, […]