Sigstore
sigstore.dev
Sign, verify, protect. Make sure your software is what it claims to be.
Security, code-signing, software-supply-chain, open-source, cryptography, artifact-verification, devops

About
Sigstore is an open-source project that provides tools for signing, verifying, and protecting software artifacts to ensure supply chain integrity. It enables developers to cryptographically sign their software releases, making it easy to verify that software is authentic and has not been tampered with. The project is designed to make software signing accessible and transparent for the open-source ecosystem.
Problem
Software supply chain attacks are hard to detect because there is no easy, standard way to verify that software artifacts are authentic and untampered.
For
software developers and open-source maintainers
How it works
Sigstore provides cryptographic signing and verification tools that allow developers to sign software releases and anyone to verify their authenticity using a transparent, auditable log.
Business model
open-source
Status
launched