Sigstore was started to improve supply chain technology for anyone using open source projects. It's for open source maintainers, by open source maintainers.
Supply chain Levels for Software Artifacts (SLSA) is a security framework and step-by-step checklist to prevent tampering, improve integrity and secure packages across your supply chain.
Tekton is a powerful and flexible open-source framework for creating CI/CD systems, allowing developers to build, test, and deploy across cloud providers and on-premises systems.
Knative is an open source enterprise-level solution to build serverless and event-driven applications in Kubernetes environments.
A cross-industry collaboration that brings together leaders to improve the security of open source software by building an expert community, targeted initiatives, and best practices.
Open source container images that consist of only your application and its runtime dependencies. This minimalism improves signal-to-noise and reduces the burden of establishing provenance.