Sigstore: Evolution and Future of Software Security Signing

Explore the journey of Sigstore, a Linux Foundation project that provides non-profit cryptographic signing services for software, in this conference talk. Bob Callaway from Red Hat and Dan Lorenc from Google cover the project's inception, its current status and where it is heading. Learn how Sigstore, often described as 'Let's Encrypt' for software signing, is being used to sign Kubernetes release container images and to verify them directly within the Kubernetes release infrastructure, and how the project has been adopted by communities such as Python, RubyGems, WebAssembly and Maven. The talk covers supply chain security, software signing and provenance, and the technology behind Sigstore, with live demonstrations of signing a Go application, Fulcio, the transparency log, Cosign and the OpenID Connect flow, and explains the role of JSON Web Tokens and inclusion proofs in the Sigstore ecosystem.