Skip to main content

Sigstore Java - Sign And Verify Your Java Builds

 sigstore-java, currently under development but not yet ready for general-purpose use,  is a tool for signing and verifying Java package distributions with Sigstore's keyless signing. This is one more step taken by Sigstore towards securing the software supply chain.

Sigstore signing empowers software developers to securely sign software artifacts such as release files, container images and binaries. These signatures are then stored in a tamper-proof public log - for free.

full article on i-programmer:

https://www.i-programmer.info/news/80-java/16176-sigstore-java-sign-and-verify-your-java-builds.html

Labels:

Comments

Post a Comment

Popular posts from this blog

The Advent of SQL 2024 Has Commenced

  It's Advent - the time of year when we countdown the days to Christmas - and if your are a programmer complete daily coding challenges with the Advent of Code, the Advent of Perl, the Advent of Java, Javascriptmas, etc. Now we have the Advent of SQL too with 24 SQL challenges to complete before Christmas! https://www.i-programmer.info/news/204-challenges/17678-the-advent-of-sql-2024-has-commenced.html
Post a Comment
Read more

Greenplum's Cloudberry Fork Enters Apache Incubator

  Cloudberry is the open source equivalent of Greenplum. Now it is fostered by the Apache Foundation as it acquires incubating status. It all began about six months ago. Greenplum's Github repositories was archived and went dark. This meant no more free new releases or security and bug fixes for its users. Why? Because in May 2024, Tanzu made the decision to close-source the project. https://www.i-programmer.info/news/84-database/17694-greenplums-cloudberry-fork-enters-apache-incubator-.html
Post a Comment
Read more