A non-profit, public good software signing & transparency service
The sigstore project’s goal is to provide a public a non-profit, public good service to improve the open source software supply chain by easing the adoption of cryptographic software signing, backed by transparency log technologies. It seeks to empower software developers to easily and securely sign software artifacts such as release files, container images, binaries, bills of material manifests, and more. Signing materials are stored in a tamper-evident public log. sigstore will be free to use for all developers and software providers, with sigstore’s code and operation tooling being 100% open source and maintained/developed by the sigstore community.
Sigstore is a part of the OpenSource Security Foundation (OpenSSF), under the Linux Foundation.