Free sigstore signing service confirms software origin and authenticity - Help Net Security

The Linux Foundation, the nonprofit organization enabling innovation through open source, today announced the sigstore project, which improves the security of the software supply chain by enabling the easy adoption of cryptographic software signing backed by transparency log technologies.



sigstore will empower software developers to securely sign software artifacts such as release files, container images and binaries. Signing materials are then stored in a tamper-proof public log. The service will be free to use for all developers and software providers, with the sigstore code and operation tooling developed by the sigstore community. Founding members include Red Hat, Google and Purdue University.


“sigstore enables all open source communities to sign their software and combines provenance, integrity and discoverability to create a transparent and auditable software supply chain,” said Luke Hinds, Security Engineering Lead, Red Hat office of the CTO. “ ..
