Sigstore and the Linux Foundation have taken another step toward securing the software supply chain, this time focusing
on the initial stage of the chain. That is, the signing of Git commits.
Supply chain security is all the rage right now and the Linux Foundation's answer to it came through Sigstore:
full article on i-programmer: