Securing Software Repositories with the OpenSSF

Here at Chainguard, we believe that everyone benefits from better security in open-source software. That’s why we’re so excited that the OpenSSF has just created a new “Securing Software Repositories” working group, which aims to bring maintainers of software repositories and package managers together to share and develop…

sigstore, the local way

If you've been following the Chainguard blog, you might ask yourself: how do I run the open-source sigstore stack on my machine? While sigstore is often deployed using Kubernetes, it is flexible enough to run nearly anywhere: from a Raspberry Pi to an IBM mainframe. This article will demonstrate how…

Keyless Signing with Tekton on Amazon EKS

In this post, we’ll walk you through setting up Tekton Chains on Amazon EKS to improve the security of your Tekton pipelines. Tekton Chains simplifies signing software via “keyless signing”, which means that users don’t have to manage private keys or be responsible for distributing public keys. Instead,…

Keyless Signing with Tekton on AKS

In a previous blog article, we illustrated how simple it was to use Sigstore on Amazon EKS to perform keyless signing. Keyless signing is now also available on Azure AKS thanks to the recent addition of OpenID Issuer support. In this post, we will sign images created on an AKS…