Software supply chain attacks have been increasing over the past few years, spurring the Biden administration to release an executive order detailing what government agencies are supposed to do to protect themselves against them. These attacks take several different forms, but the result is always the same: attackers gain the ability to run code on your infrastructure or to tamper with the code that you’re using in production. The Sigstore project aims to …
The post Sigstore: Signature verification for protection against supply chain attacks appeared first on Help Net Security.