Sigstore Sets Out to Secure Cloud-Native Supply Chain

Open source software (OSS) is pervasive — 90% of companies are now using OSS. But this reliance is a double-edged sword. Amid rising software supply chain attacks, we’re witnessing the fragility of open source projects upon which the world now depends.

To secure the cloud-native software supply chain, major industry and government bodies are now collaborating to protect these core projects. For example, OpenSSF, under the auspices of the Linux Foundation, recently met with The White House to disseminate best practices. This momentum follows a presidential executive order on improving the nation’s cybersecurity.

One aspect of this larger mission will be verifying the provenance of all open source dependencies. This is where Sigstore comes in—it’s an open source package for digitally verifying the authenticity of open source packages. While Sigstore can be broadly applied to any open source software, cloud-native applications will be among the first. Sigstore was recently introduced in the Kubernetes 1.24 release and is seeing adoption in other popular cloud-native projects, as well.

I recently met with Dan Lorenc, founder, and CEO of Chainguard. Chainguard, one of the companies backing Sigstore, is calling on the industry to standardize on Sigstore for digital signatures. According to Lorenc, Sigstore has the potential to significantly improve how we sign and verify digital artifacts.

What is Sigstore?

Sigstore is similar to automated transport layer security (TLS) but for signing open source packages, explains Lorenc. It’s an open source project to help developers adopt cryptographic software signing for their software. With the protocol, developers can log in to obtain a certificate for free. Sigstore takes the pain out of signing management and can be integrated into most build systems, says Lorenc, meaning developers can automate the signature process when releasing software.

So, how does Sigstore work? Sigstore uses a handful of standalone open source projects to get the job done. First, developers authenticate with OpenID Connect to obtain a certificate issued by the Fulcio certificate authority. Fulcio then publishes the certificate to the Rekor transparency log, and developers then publish their signed artifacts. Then, end users can find or download signed artifacts and validate them against the transparency log to prove their authenticity.

Sigstore Architecture
Sigstore Architecture

Sigstore is versatile enough for signing all sorts of software types, from container images to tarballs and compiled binaries. The project also has its sights set on integrating with popular package managers such as PyPy and RubyGems.

Signing the Cloud-Native Supply Chain

In addition to its inclusion in the K8s 1.24 release, Lorenc foresees Sigstore becoming a standard applied within other cloud-native technology. For example, Cosign, another open source project by Sigstore, can be used to sign, verify and store a container image within an OCI-compliant registry. From WebAssembly to Helm charts, there are many key areas where the cloud-native development sphere could strategically use Sigstore.

Sigstore could even be used for manifest signing for software bill of materials (SBOMs). SBOMs require a software producer to spell out their internal makeup, similar to the ingredients of a food label. Signing an SBOM with Sigstore could help ensure the software has been verified and not tampered with along the way. “The two, when combined, do a good job of solving the big picture of getting more transparency in the supply chain,” says Lorenc.

Sigstore will likely complement other ongoing initiatives, such as Google’s SLSA, which provides automatic mechanisms to sign artifacts along the software supply chain. While SLSA is a critical part of security and integrity, says Lorenc, you can “still can have a garbage in/garbage out problem,” he said. Insecure credential managing on the build systems leaves a loophole or back door wide open. Thus, we need to ensure the build systems themselves are secure and apply basic security principles, he says.

While the National Institute of Standards and Technology (NIST) has yet to mandate the use of Sigstore, it could emerge as a compliance requirement in the future or, at least, as a corporate standard in the short term. “We hope that Sigstore pops out as the obvious choice,” says Lorenc. To support the Sigstore initiative, the Linux Foundation is actively assembling funding from both private and government bodies.

The History of Digital Certificates

Sigstore began at the end of 2020 and launched out of a networking group in OpenSSF. At the time, the contributors were studying how package managers were verifying and signing releases and found a cobbled-together implementation across the board, says Lorenc.

Lorenc compares the state of things to HTTPS before automated TLS was made possible. The way cryptographic signatures used to work is that a certificate authority vendor would issue a web certificate to place on a webserver to prove you owned a domain. The burden then became renewing your certificates when your HTTPS expired.

Let’sEncrypt, from the non-profit Internet Security Research Group (ISRG), then sought to fully automate this process by letting anyone generate a certificate to display in their DNS records. By opening this capability for all to use, TLS use skyrocketed from 25% in 2013 to 81% in 2022. (Now, it’s pretty rare to see that pop-up warning of an untrustworthy site).

Much in the same way LetsEncrypt quickly automated TLS creation for the web, an open standard for automated signature could quickly verify the provenance for critical open source packages. “Sigstore aims to make software signing ubiquitous, in much the same way that LetsEncrypt made X.509 certificates for TLS commonplace,” writes Luke Hinds, Security Engineering Lead, Red Hat.

Verifying Provenance for OSS

Wired recently described Sigstore as the “John Hancock and wax seal of the digital era.” Now, its inclusion in Kubernetes could signal increased adoption of Sigstore throughout the cloud-native stack. The project also comes at a time where proving the authenticity of the supply chain is critical to avoid malicious action.

Interestingly, over 80% of enterprises think it’s important for the security tools they use to be built upon open source software. This substantiates the viability of open standards for security.

The community around Sigstore is moving fast in the wake of recent attacks, Lorenc explains, with expansion quickly occurring into language ecosystems and package managers. According to Lorenc, the model is proven to work—now, the goal now is to standardize these APIs and encourage adoption.

Bill Doerrfeld

Bill Doerrfeld is a tech journalist and analyst. His beat is cloud technologies, specifically the web API economy. He began researching APIs as an Associate Editor at ProgrammableWeb, and since 2015 has been the Editor at Nordic APIs, a high-impact blog on API strategy for providers. He loves discovering new trends, interviewing key contributors, and researching new technology. He also gets out into the world to speak occasionally.

Bill Doerrfeld has 105 posts and counting. See all posts by Bill Doerrfeld