Open Source Insider Latest Blog Posts Related Content
US court issues Google API with Java ruling
Employees express high expectations of IT in world of ‘work from anywhere’ Download Current Issue
The Linux Foundation announced the sigstore project this spring.
Designed to improves the security of the software supply chain, sigstore is said to enable the adoption of cryptographic software signing backed by transparency log technologies.
Software application development professionals will be able to securely sign software artifacts such as release files, container images and binaries.
Signing materials are then stored in a tamper-proof public log.
The service will be free to use for all developers and software providers, with the sigstore code and operation tooling developed by the sigstore community.