Artifact Signing
← Back to Software Supply Chain
Cryptographically signing build artifacts to verify their integrity and provenance. Sigstore and cosign provide keyless signing for containers and other artifacts. Signed artifacts enable consumers to verify that the artifact was built by a trusted source and has not been tampered with.