Signing Research by Ry Walker

← All Tags·2 items
Category Report
Developer Trust Tools

Category analysis of 10 developer trust and supply chain security tools. Covers Vouch (contributor trust), git-ai (AI code provenance), Sigstore (artifact signing), SLSA (build provenance), in-toto (attestation), zizmor (CI auditing), Socket.dev (proactive detection), OpenSSF Scorecard (project scoring), and GUAC (knowledge graph).

6 min read·1 profiles
Product Profiles (1)
Sigstoresigstore.dev
← All Research