4 posts tagged with "sigstore"

This post takes a look at Sigstore's bundle format which is the format of Sigstore's offline verification data.

Offline verification is described like this in busting-5-sigstore-myths:

As someone who was completly new to secure supply chain security (sscs) there were a lot of new projects that I learned the names of but did not really understand exactly what they did or how they complement each other. This post hopes to clarify a few of these projects, and others will be addressed in future posts.

This post contains the steps for setting up gitsign-credential-cache. which is useful if one has to perform multiple commits in short succession, or when doing a rebase.

This post contains the steps for setting up gitsign to sign your git commits using sigstore.