Sigstore
Sign, verify, protect. Make sure your software is what it claims to be.

Sigstore is an open-source project that provides tools for signing, verifying, and protecting software artifacts to ensure supply chain integrity. It enables developers to cryptographically sign their software releases, making it easy to verify that software is authentic and has not been tampered with. The project is designed to make software signing accessible and transparent for the open-source ecosystem.
Sigstore provides cryptographic signing and verification tools that allow developers to sign software releases and anyone to verify their authenticity using a transparent, auditable log.
software developers and open-source maintainers
Background.
- Status
- launched
- Business model
- open-source
Similar projects.
Editorial take on the space this project sits in — momentum signals, adjacent moves, our call on whether the wedge is real. Get pinged when we publish a new read or when the landscape shifts.
Have a take on this space?
Tell us what you’d build differently, where you think the incumbents miss, or what we’ve gotten wrong about this project. Comments + reactions are coming soon.