Description
Records and verifies signed software metadata through Sigstore's transparency log workflow. It helps developers, security teams, and release systems prove that signatures were published and can be checked later.
The package includes client and server tools for security infrastructure, usually used from automation or the terminal. Logs and signatures may identify software artifacts and release activity, so treat configuration, keys, and public endpoints carefully.