Microsoft Signing Transparency delivers verifiable code integrity and tamper-evident software releases for stronger supply chain security.

Azure's blog provides insights into cloud computing, infrastructure as a service (IaaS), and platform as a service (PaaS), offering documentation, tutorials, and best practices for deploying and managing applications on Microsoft Azure cloud platform. By exploring Azure's curated content, developers can learn about virtual machines, Azure App Service, Azure Functions, and Azure DevOps for building, deploying, and scaling applications in the cloud. Whether you're migrating existing workloads or developing cloud-native applications, Azure offers resources to accelerate your cloud journey and achieve business goals.

Microsoft Azure

Microsoft announces Signing Transparency, a cloud service that creates tamper-evident records of software signatures using an append-only ledger backed by confidential computing. The service countersigns COSE envelopes and stores them in an immutable Merkle tree, issuing cryptographic receipts for independent verification. This enables organizations to detect unauthorized releases, verify software authenticity without relying solely on vendors, and maintain audit trails for compliance. The technology addresses supply chain attacks by making any misuse of signing keys visible in public logs, extending Zero Trust principles to software distribution.

Microsoft Signing Transparency: Secure Software Supply Chains

Need for transparency in the software supply chain

What is Microsoft’s Signing Transparency?

How Signing Transparency enhances security and trust

Why verifiable code integrity and transparency are essential for software supply chain security