devops

Artifact Signing

Definition

Artifact signing applies cryptographic signatures to build outputs — binaries, packages, manifests — to prove their origin and integrity. Signed artifacts allow consumers to verify that software was built by a trusted pipeline and has not been tampered with in transit.

Sigstore's keyless signing model has made artifact signing practical by eliminating the need for long-lived private key management.

Related Terms

cosign

Image Signing

Container Image Signing

SBOM Generation

SBOM Generation in CI

OCI

Open Container Initiative

← Back to Glossary

Ship secure code faster

Crash Override integrates security into the developer workflow. No context switching, no waiting on reviews.

Talk to a Human See the Product