Security
SignPath for Open Source Projects
by SignPath
Open-source projects can apply for a free code signing certificate through the SignPath Foundation, with secure signing, pipeline integrity, and full audit trails at no cost.
Perks
Free Code Signing Certificate
Sponsored code signing certificate for open-source projects at no cost through the SignPath Foundation.
Pipeline Integrity
Source and build provenance verification, policy enforcement, and protection against compromised pipelines with CI/CD-native connectors.
Format-Aware Signing
Deep signing support for EXE, MSI, JAR, XML, Docker, Office Macros, and nested artifacts.
Automatic Audit Trails
Detailed logs tracking every signed artifact for auditors and regulatory compliance reporting.
Eligibility
- Must be an open-source project with a publicly available codebase.
- Must use a recognized open-source license.
How to Apply
- Apply through the SignPath open-source community page.
- SignPath Foundation reviews the application.
Tags
code-signing, security, supply-chain, compliance