Skip to content

Learning about Sigstore

Jump to bottom
Flavio Castelli edited this page Oct 18, 2021 · 1 revision

This page contains a list of useful resources to better understand how Sigstore works.

  1. High level overview of the project, the "components" section is particularly useful: https://martinheinz.dev/blog/55
  2. Great deep dive into cosign: signing, verifying and how the signature format works: https://blog.sigstore.dev/cosign-image-signatures-77bab238a93
  3. Great deep dive that explains how cosign, rekor and fulcio work together: https://martinheinz.dev/blog/56
  4. Great deep dive explaining how to setup the whole infrastructure behind the project: https://github.com/lukehinds/sigstore-the-hard-way
Clone this wiki locally