How many controls does Sigstore have?

Sigstore contains 13 controls organized across 4 domains.

Where does Sigstore apply?

Sigstore is applicable in International (OpenSSF). Organizations operating in or serving customers in this jurisdiction should evaluate its requirements.

What frameworks does Sigstore map to?

Sigstore has control-to-control mappings with 441 other compliance frameworks in our database. Use our compliance platform to explore these mappings interactively.

How do I get started with Sigstore compliance?

Start by understanding the framework's key controls and domains. Our compliance platform provides AI-powered gap analysis and mapping tools to help you assess your current posture and build a remediation plan.

Sigstore — Software Artifact Signing and Verification

Sigstore is a set of open-source tools for signing, verifying, and protecting software artifacts. Created by Google, Red Hat, and Purdue University, now under the OpenSSF.

Domains

Verification and Trust

Rekor - Transparency Log

Fulcio - Certificate Authority

Cosign - Artifact Signing

Frequently Asked Questions

Map Sigstore — Software Artifact Signing and Verification to any other framework

Use our AI-powered compliance platform to find control overlaps, gaps, and build remediation plans in seconds.

Try Free on Compliance Platform