by SignPath
Open-source projects can apply for a free code signing certificate through the SignPath Foundation, with secure signing, pipeline integrity, and full audit trails at no cost.
Perks
- Sponsored code signing certificate for open-source projects at no cost through the SignPath Foundation.
- Source and build provenance verification, policy enforcement, and protection against compromised pipelines with CI/CD-native connectors.
- Deep signing support for EXE, MSI, JAR, XML, Docker, Office Macros, and nested artifacts.
- Detailed logs tracking every signed artifact for auditors and regulatory compliance reporting.
Eligibility
- Must be an open-source project with a publicly available codebase.
- Must use a recognized open-source license.
How to Apply
- Apply through the SignPath open-source community page.
- SignPath Foundation reviews the application.
Similar to SignPath for Open Source Projects
Free Team plan forever for open source projects, with full cloud platform access including PR integration, quality gates, and security scanning across 49 supported languages.
Free forever for all open source projects. Code Climate (now Qlty) provides code coverage, maintainability analysis, linting, and auto-formatting with unlimited contributors.
Free static analysis, SAST, code coverage, and automated code reviews for open source projects with unlimited public repositories and unlimited team members.