Sigstore Announces the First Stable Release of Code and Certificate Signing Tool for Python
1 min read
Jan 16, 2023
Sigstore community today announced the first stable release of sigstore-python, improving software supply chain security and paving the way for other client implementations of Sigstore that are in earlier stages.
Sigstore is an open source project launched by Linux Foundation with the goal of providing free and stable services for all developers to easily sign, verify and protect their software projects. While code signing is a valuable tool to prevent hackers from co-opting patching systems and delivering malware, it is difficult to implement in open source projects given the complexity of key management.
The sigstore-python, as part of the project and funded by Google's Open Source Security Team, aims to provide a Sigstore-compatible client like cosign but built entirely with Python and easily adoptable by the Python ecosystem.
Related Articles
1 - 0 min read
Spectre V2: A New Threat to Linux Systems
1 - 0 min read
Hacked VMs Reveal New Attack Risks
1 - 0 min read
Multiple Chromium DoS, Info Disclosure Vulns Fixed [Updated]
