This is the repository for the Clients Special Interest Group (sig-clients) in the Sigstore project. This group has the following provisional mission until the next meeting where we'll discuss it:
Make Sigstore clients across languages/ecosystems easy-to-write, compatible, and secure by providing shared designs/documentation, data formats, and test suites.
In general, we'll try to avoid telling individual implementations what to do, though we may have criteria for various official statuses (e.g., what constitutes a "supported" client).
sig-clients doesn't own these, but these are relevant projects:
- protobuf-specs: cross-client data formats, especially for serializing
- sigstore-conformance: conformance test suites for clients
- architecture-docs: specifications
- Sigstore client implementations in various languages:
- Go: sigstore-go, Cosign, Gitsign,
- Java: sigstore-java
- JavaScript: sigstore-js
- Python: sigstore-python
- Ruby: sigstore-ruby
- Rust: sigstore-rs
- policy-controller
- Enterprise Contract
(You'll need to join [email protected] for access to many of these (to prevent spam).)
We welcome contributions from all! Great ways to help include:
- Use a Sigstore client and provide feedback (in the form of GitHub issues, chatter on Slack, etc.).
- Contribute to any of the above projects: you can just jump in on GitHub (generally best to file issues, ask whether anybody is working on something, etc. before just firing off a PR; see the
CONTRIBUTORS.md
orCONTRIBUTING.md
in the respective repository). - Say hi in Slack!
- Join a meeting (open to all community members; see below).
Meetings. Check the sigstore community calendar for meeting invitations/times (see community repository for more). We recognize that various constraints (time zones, connectivity, privacy concerns) mean that meetings aren't a great way for everybody to contribute. We strive to make important decisions asynchronously, via design documents and GitHub issues. At the same time, synchronous meetings can be really useful for hashing out complex issues quickly. We'll record these meetings (links should be in the notes docs).
- sig-clients meeting (monthly; notes)
- Sigstore Java (weekly; notes)
- Sigstore Golang (biweekly; notes)
Slack. We also communicate on Slack. Channels that might be of interest include: #clients
, #java
, #ruby-gems
, #sigstore-rust
, #sigstore-go
, #cosign
, #gitsign
.
This Sig is co-chaired by Fredrik Skogman and Appu Goundan
This has moved to the client section of the community roadmap.
Should you discover any security issues, please refer to Sigstore's security process.