Catching Malicious Package Releases Using a Transparency Log
Trail of Bits, with funding from OpenSSF, is improving Sigstore's rekor-monitor to help maintainers detect malicious package releases, monitor signing identities, and strengthen software supply chain security using transparency logs.