Where Do I Sign? Step-by-step Sigstore Adoption

These Supply Chains Ain’t Gonna Secure ThemselvesSigning and verifying your code, build system, and artifacts is one of the most effective mitigations you can take against supply chain security attacks. Sigstore provides the open source community with free infrastructure for code signing, in the spirit of LetsEncrypt, but for…