Sigstore
Open Source Code Signing
Sigstore contains a suite of services to provide keyless code artifact signing and attestations for software supply chain security. These include a Web PKI provider (Fulcio), Certificate Transparency Log (CTLog), Signature Transparency Log (Rekor), a Merkle tree data store (Trillian), a Timestamp Authority and a TUF trust root.
Why Deploy on UDS:
Deploying Sigstore on UDS provides a robust security posture with continuous monitoring and updates. This application is pre-integrated into our DoD-compliant DevSecOps platform, which provides comprehensive documentation to accelerate Authority to Operate (ATO) preparation, streamlining delivery to any mission environment.
Our DoD mission experts are available to discuss your specific mission needs and explore how this UDS-optimized solution could support your team's operations.

Contract Vehicles Available
Through Defense Unicorns
Technical Details
- Preferred Infrastructure: AWS GovCloud (US)
- Supported Infrastructure: Azure Government Cloud, On-prem, Edge
Security & Compliance
- CVE Report: Available
- SBOM: Available
- FIPS Compliant Image: -
- 3rd Party Certified: -
- DISA STIG: -
- Privilege Required: -