Software transparency as a service

STaaS is free and open-source

Quickly sign artifacts, such as binaries, documents, and pictures, using short-lived certificates bound to your identity. Signatures are generated using one-time keys and they are record in a public, auditable transparency registry. Your artifacts are never transmitted to our platform.

Sign up now and start using STaaS for free. We respect your privacy and we will use your email only for authentication purposes.

Brought to you by ExcID and Guardtime in the context of the DISCGRID project.

How it works

  • STaaS generates a short-lived certificate bound to your email address using a private instance of the Fulcio CA.
  • Information about generated signatures is immutably recorded in the Rekor public transparency registry.
  • Generated signatures can be easily verified using the Cosign utility.

For more information read STaaS documentation