The Linux Foundation announced the sigstore project, which improves the security of the software supply chain by enabling the easy adoption of cryptographic software signing backed by transparency log technologies. Founding members of the project include Red Hat, Google and Purdue University. Signing materials are stored in a tamper-proof public log. The service will be free to use for all developers and software providers, with sigstore code and operation tooling developed by the sigstore community. The project aims to make all releases of open source software verifiable, so that users can actually verify them.
Source: https://www.helpnetsecurity.com/2021/03/10/sigstore-signing-service/

