OPEN SOURCE
sigstore
Sigstore is a project for signing, verifying, and discovering software using transparency log technology. It aims to make software supply chain security practices more accessible and widespread by providing free, easy-to-use tools for signing and verifying software artifacts. Sigstore eliminates the need for developers to manage long-lived keys and provides a mechanism to publicly audit and track the signing and verification history of software.