Commit 1f3c556

fix: update sigstore cosign link (#812)
Signed-off-by: Julien Huang <[email protected]>
1 parent 372602a commit 1f3c556

1 file changed

+1
-1
lines changed

docs/Concise-Guide-for-Developing-More-Secure-Software.md

Lines changed: 1 addition & 1 deletion
@@ -19,7 +19,7 @@ Here is a concise guide for all software developers for secure software developm
1919
- [Explicitly disclose security issues affecting vendored dependencies](Vendored-Dependencies-Guide.md).
2020
- Create a [security policy](https://github.com/ossf/oss-vulnerability-guide/tree/main/templates/security_policies). Provide contacts.
2121
12. **Make it easy for your users to update**. Implement stable APIs, e.g., support old names when new ones are added. Use semantic versioning. Have a deprecation process.
22-
13. **Sign your project’s important releases**. Use standard tools and signing formats for your distribution. See the [cosign tool](https://docs.sigstore.dev/cosign/overview) from the [sigstore project](https://www.sigstore.dev/) to sign containers and other artifacts.
22+
13. **Sign your project’s important releases**. Use standard tools and signing formats for your distribution. See the [cosign tool](https://docs.sigstore.dev/quickstart/quickstart-cosign/) from the [sigstore project](https://www.sigstore.dev/) to sign containers and other artifacts.
2323
14. [**Earn an OpenSSF Best Practices badge**](https://www.bestpractices.dev/) for your open source project. At least earn “passing”. Plan and roadmap to eventually earn silver & gold.
2424
15. **Improve your** [**OpenSSF Scorecards**](https://github.com/ossf/scorecard) **score (if OSS and on GitHub)**. You can read the [Scorecards checks](https://github.com/ossf/scorecard#scorecard-checks). Use the [Allstar](https://github.com/ossf/allstar) monitor.
2525
16. **Notify the community of vulnerabilities in your project.** Publish security advisories with accurate & precise information, e.g., what usage & versions are vulnerable, mitigations, and fixed version(s). Get a CVE ID. On GitHub, [create your security advisory](https://docs.github.com/en/code-security/repository-security-advisories/creating-a-repository-security-advisory#creating-a-security-advisory) & [request a CVE](https://docs.github.com/en/code-security/repository-security-advisories/about-github-security-advisories-for-repositories#cve-identification-numbers).
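
Review bot: The replacement URL in item 13 (line 22) is again a deep documentation path, `/quickstart/quickstart-cosign/`, which is the same kind of target that had to be replaced here, so it may move again when the Sigstore docs are reorganized. Consider linking "cosign tool" to a more stable location, and if this file is not already covered by a link check in CI, add one so the next move is caught automatically. Also note that the link text still reads "cosign tool" while the target changes from an overview page to a quickstart; if that shift is intended, the commit message could say so, otherwise adjust the text to match the destination.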
