Linux Foundation has been quietly developing a project that might solve the supply chain attacks that are now on the rise - basically, a cryptographic transparency log of signed artifacts such as libraries, packages etc. It's in early phase but looks very promising #security

https://sigstore.dev/what_is_sigstore/