Sigstore is a set of services and tools for signing, verifying, and proving the provenance of software artifacts without requiring developers to manage long-lived signing keys. It was started at Red Hat and the Linux Foundation to close the gap that GPG and manual key management left in the software supply chain.
The system has three core components. Cosign is the CLI that produces and verifies signatures over OCI container images, blobs, and in-toto attestations. Fulcio is a certificate authority that issues short-lived X.509 code-signing certificates bound to an OIDC identity (GitHub Actions, Google, GitLab, etc.), so the signer is a verifiable identity rather than an opaque key. Rekor is an append-only, Merkle-tree transparency log that records every signature so tampering and backdating become detectable.
Together these enable keyless signing: a CI job authenticates to Fulcio via its workload OIDC token, receives a certificate valid for a few minutes, signs the artifact, and logs the signature to Rekor. Verifiers later check the signature against the certificate chain and the Rekor inclusion proof. Sigstore is used by Kubernetes, the Python Package Index, npm, Homebrew, and Chainguard images, and it underpins SLSA provenance attestations across the CNCF ecosystem.