Sigstore is an open source project launched by the Linux Foundation with the goal of providing free and stable services that let all developers easily sign, verify and protect their software projects. Code signing is a valuable tool for preventing hackers from co-opting patching systems to deliver malware, but it is difficult to implement in open source projects because of the complexity of key management.