Posts
sigstore-java, currently under development but not yet ready for general-purpose use, is a tool for signing and verifying Java package distributions with Sigstore's keyless signing. This is one more step taken by Sigstore towards securing the software supply chain.
Sigstore signing empowers software developers to securely sign software artifacts such as release files, container images and binaries. These signatures are then stored in a tamper-proof public log - for free.
full article on i-programmer:
https://www.i-programmer.info/news/80-java/16176-sigstore-java-sign-and-verify-your-java-builds.html
Comments