Free sigstore signing service confirms software origin and authenticity
sigstore will empower software developers to securely sign software artifacts such as release files, container images and binaries. Signing materials are then stored in a tamper-proof public log.