Sigstore is an open standard and set of tools for signing, verifying, and proving the provenance of software artifacts. It provides keyless signing with short-lived certificates and a transparency log to secure the software supply chain.