Sigstore (Project Rekor)

Software Supply Chain Transparency: this team will work with industry and open source partners to build software infrastructure that cryptographically verifies the provenance of software.



Sigstore, formerly Project Rekor, is part of a new, experimental product to provide “software supply chain transparency”: the ability for software producers to identify software components across different vendors, communities and sub-organizations. With this, high-assurance software products are able to identify counterfeit software, decommission vulnerable code, and stop hackers trying to poison software delivery pipelines. Students will work on system building, security evaluation and deployment of test infrastructure.


Basic programming; some knowledge of Golang may be useful, but is not required. Interest in software security.

Meeting Times:

  • Spring 2022: TBA

  • Fall 2022: TBA