ecosystem security

Dec 19

Catching Malicious Package Releases Using a Transparency Log

By OpenSSF Blog, Guest Blog

Trail of Bits, with funding from OpenSSF, is improving Sigstore’s rekor-monitor to help maintainers detect malicious package releases, monitor signing identities, and strengthen software supply chain security using transparency logs.

Catching Malicious Package Releases Using a Transparency Log

We envision a future where OSS is universally trusted, secure, and reliable. Join us in making open source more secure.

Get the latest announcements, event info, and the community news in your inbox