34.Key AbstractDigital

Sigstore community today announced the first stable release of sigstore-python, improving software supply chain security and paving the way for other client implementations of Sigstore that are in earlier stages.

Sigstore is an open source project launched by Linux Foundation with the goal of providing free and stable services for all developers to easily sign, verify and protect their software projects. While code signing is a valuable tool to prevent hackers from co-opting patching systems and delivering malware, it is difficult to implement in open source projects given the complexity of key management.  


The sigstore-python, as part of the project and funded by Google's Open Source Security Team, aims to provide a Sigstore-compatible client like cosign but built entirely with Python and easily adoptable by the Python ecosystem.