Chainguard Enforce Adds New Software Signing Capability

Chainguard has announced the addition of new enterprise-grade features, including a software signing service, a security policy catalog and a new eventing framework, to Chainguard Enforce, the comprehensive software supply chain risk management platform. Following Chainguard Enforce’s general availability in September, the company has been focused on working with customers to build out key features and integrations that meet the needs of modern enterprises.

According to the company, these new capabilities in Chainguard Enforce come at a critical moment for many organizations. This time last year, the industry received a wake-up call when a vulnerability, dubbed “Log4Shell,” was discovered in the widely used Apache Log4j-core software. Recently, nation-state actors were discovered exploiting the vulnerability to try to gain access to federal government networks.

The company has announced Chainguard Enforce Signing, powered by Sigstore, which enables customers to generate digital signatures for software artifacts inside their own organization using their individual identities and one-time-use keys. This new capability helps organizations ensure the integrity of container images, code commits, and other artifacts with private signatures that can be validated at any point an artifact needs to be verified.

Additionally, this capability allows customers to bring their own key and certificate, so key usage can be monitored and audited per compliance and privacy requirements. No information is stored in a public transparency log, so customers get the value of Sigstore without losing any privacy.

Chainguard Enforce is now available globally on AWS Marketplace, making it easier for enterprises to discover, try and purchase the platform through the channel they prefer.