Sigstore: An open answer to software supply chain trust and security

Sigstore is an open source project originally conceived and prototyped at Red Hat and now under the auspices of the Linux Foundation with backing from Red Hat, Google and other IT leaders. Sigstore offers a method to better secure software supply chains in an open, transparent and accessible manner. So why do we need something like sigstore, exactly? And what does sigstore do that existing technologies, built to certify and sign digital technologies, don’t?
Quelle: CloudForms