Sigstore has announced the general availability of its free software signing service.
According to the announcement, Sigstore “provides a set of tools designed to improve supply chain security by making it easy to sign, verify and check the software developers are building and consuming.”
Sigstore brings together free open source technologies including Fulcio, Cosign, and Rekor. According to the website, “it handles digital signing, verification, and checks for provenance needed to make it safer to distribute and use open source software.”
Kubernetes and Python have already adopted Sigstore for their production releases, and npm says they are actively working to integrate Sigstore as well.