Supply Chain Security > Sigstore
Sigstore is a set of free-to-use, open source tools, including Fulcio, Cosign and Rekor, that handle the digital signing, verification and provenance checks needed to make it safer to distribute and use open source software.