Slide 7
Trusted Artifact Signer: Sigstore stack
TUF server: establishes the root of trust; serves the public keys and root CA certificate that clients use for verification.
Fulcio: CA server that issues short-lived code-signing certificates based on an authenticated OIDC identity.
Certificate Transparency Log: append-only, immutable, verifiable transparency log that stores the signing certificates.
Rekor: API-based server for validation, with a transparency log for storage.
Trillian: backend for Rekor; the implementation of the transparency log (tamper-proof, append-only).
Rekor CLI: verifies that an artifact is stored within the transparency log, queries the log, and retrieves entries.
Cosign: container signing tool.
Gitsign: keyless signing for Git commits.
Helm: upstream Sigstore scaffold chart with OpenShift-specific configuration and resources.
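The "tamper-proof, append-only" property of the Rekor/Trillian log comes from a Merkle tree: a client that trusts the tree's root hash can check that an entry is in the log from a short inclusion proof, and any change to a stored entry breaks that proof. The following is an added example, not code from Trusted Artifact Signer, Sigstore or Trillian; it implements the RFC 6962 hashing scheme (leaf prefix 0x00, node prefix 0x01) that Trillian-backed logs use, over a handful of constructed sample entries, and shows a proof verifying for the real entry and failing for a tampered one.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Domain-separation prefixes from RFC 6962; they stop a leaf from being
// passed off as an interior node (or vice versa).
const (
	leafPrefix = 0x00
	nodePrefix = 0x01
)

func leafHash(data []byte) []byte {
	h := sha256.New()
	h.Write([]byte{leafPrefix})
	h.Write(data)
	return h.Sum(nil)
}

func nodeHash(left, right []byte) []byte {
	h := sha256.New()
	h.Write([]byte{nodePrefix})
	h.Write(left)
	h.Write(right)
	return h.Sum(nil)
}

// largestPowerOfTwoBelow returns the largest power of two strictly less than n (n >= 2).
func largestPowerOfTwoBelow(n int) int {
	k := 1
	for k*2 < n {
		k *= 2
	}
	return k
}

// merkleRoot computes the RFC 6962 tree head MTH(D[n]) over the leaves.
func merkleRoot(leaves [][]byte) []byte {
	switch len(leaves) {
	case 0:
		return sha256.New().Sum(nil) // SHA-256 of the empty string
	case 1:
		return leafHash(leaves[0])
	}
	k := largestPowerOfTwoBelow(len(leaves))
	return nodeHash(merkleRoot(leaves[:k]), merkleRoot(leaves[k:]))
}

// inclusionProof returns PATH(m, D[n]): sibling hashes from the leaf upward.
func inclusionProof(leaves [][]byte, m int) [][]byte {
	n := len(leaves)
	if n <= 1 {
		return nil
	}
	k := largestPowerOfTwoBelow(n)
	if m < k {
		return append(inclusionProof(leaves[:k], m), merkleRoot(leaves[k:]))
	}
	return append(inclusionProof(leaves[k:], m-k), merkleRoot(leaves[:k]))
}

// rootFromProof recomputes the tree head a verifier derives from a leaf hash,
// its index m, the tree size n and the proof path (consumed top-down).
func rootFromProof(leaf []byte, m, n int, path [][]byte) ([]byte, error) {
	if m < 0 || m >= n {
		return nil, errors.New("leaf index out of range")
	}
	if n == 1 {
		if len(path) != 0 {
			return nil, errors.New("unexpected proof nodes for single-leaf tree")
		}
		return leaf, nil
	}
	if len(path) == 0 {
		return nil, errors.New("proof too short")
	}
	sibling, rest := path[len(path)-1], path[:len(path)-1]
	k := largestPowerOfTwoBelow(n)
	if m < k {
		sub, err := rootFromProof(leaf, m, k, rest)
		if err != nil {
			return nil, err
		}
		return nodeHash(sub, sibling), nil
	}
	sub, err := rootFromProof(leaf, m-k, n-k, rest)
	if err != nil {
		return nil, err
	}
	return nodeHash(sibling, sub), nil
}

// VerifyInclusion checks that entry sits at index m of a size-n tree whose
// root the verifier already trusts (in Sigstore, from a signed checkpoint).
func VerifyInclusion(entry []byte, m, n int, path [][]byte, trustedRoot []byte) bool {
	root, err := rootFromProof(leafHash(entry), m, n, path)
	return err == nil && bytes.Equal(root, trustedRoot)
}

func main() {
	// Constructed sample records standing in for Rekor log entries.
	entries := [][]byte{
		[]byte("entry-0: cosign signature over image digest A"),
		[]byte("entry-1: gitsign signature over commit B"),
		[]byte("entry-2: cosign signature over image digest C"),
		[]byte("entry-3: attestation for build D"),
		[]byte("entry-4: cosign signature over image digest E"),
	}
	root := merkleRoot(entries)
	proof := inclusionProof(entries, 2)
	fmt.Println("tree head:", hex.EncodeToString(root))
	fmt.Println("genuine entry verifies:", VerifyInclusion(entries[2], 2, len(entries), proof, root))
	fmt.Println("tampered entry verifies:", VerifyInclusion([]byte("entry-2: tampered"), 2, len(entries), proof, root))
}
```

In the real stack the trusted root is not hard-coded: the Rekor CLI fetches a signed tree head whose key it learned through the TUF root of trust, then runs this same inclusion check against it.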