Sigstore website screenshot

Sigstore

Sigstore is a set of free-to-use open source tools for signing, verifying, and protecting software supply chain artifacts. It provides a transparent and auditable signing infrastructure that eliminates the need for managing signing keys, making software supply chain security more accessible. The Sigstore ecosystem includes Cosign for artifact signing, Fulcio as the certificate authority, and Rekor as the cryptographically secure transparency log.

3 APIs 0 Features
Certificate AuthorityCode SigningContainersCryptographyOpen SourcePKISecuritySoftware Supply ChainTransparency Log

APIs

Rekor Transparency Log API

Rekor is a cryptographically secure, immutable transparency log for signed software releases. The Rekor API enables searching the transparency log, retrieving log entries, check...

Fulcio Certificate Authority API

Fulcio is Sigstore's free Root Certificate Authority for code signing certificates. It issues short-lived signing certificates to software producers based on OIDC authentication...

Cosign

Cosign is the Sigstore tool for signing and verifying container images and other OCI artifacts. It enables keyless signing using OIDC identity, hardware token signing, and polic...

Collections

Fulcio

OPEN

Pricing Plans

Sigstore Plans Pricing

1 plans

PLANS

Rate Limits

Sigstore Rate Limits

1 limits

RATE LIMITS

FinOps

Semantic Vocabularies

Sigstore Context

30 classes · 2 properties

JSON-LD

API Governance Rules

Sigstore API Rules

6 rules · 1 errors 5 warnings

SPECTRAL

JSON Structure

Sigstore Log Entry Structure

0 properties

JSON STRUCTURE

Example Payloads

Resources

🔗
LinkedIn
LinkedIn
🔗
Website
Website
🔗
Documentation
Documentation
🚀
GettingStarted
GettingStarted
👥
GitHubOrganization
GitHubOrganization
📰
Blog
Blog
🔗
Community
Community
🔗
Policy Controller
Policy Controller
🔗
Security
Security
🔗
Vocabulary
Vocabulary

Sources

Raw ↑
opencollection: 1.0.0
info:
  name: Fulcio
  version: 2.0.0
items:
- info:
    name: CA
    type: folder
  items:
  - info:
      name: '*

        Returns the configuration of supported OIDC issuers, including the required challenge for each issuer.'
      type: http
    http:
      method: GET
      url: '{{baseUrl}}/api/v2/configuration'
    docs: '*

      Returns the configuration of supported OIDC issuers, including the required challenge for each issuer.'
  - info:
      name: '*

        Returns an X.509 certificate created by the Fulcio certificate authority for the given request parameters'
      type: http
    http:
      method: POST
      url: '{{baseUrl}}/api/v2/signingCert'
    docs: '*

      Returns an X.509 certificate created by the Fulcio certificate authority for the given request parameters'
  - info:
      name: '*

        Returns the bundle of certificates that can be used to validate code signing certificates issued by this Fulcio instance'
      type: http
    http:
      method: GET
      url: '{{baseUrl}}/api/v2/trustBundle'
    docs: '*

      Returns the bundle of certificates that can be used to validate code signing certificates issued by this Fulcio instance'
bundled: true