Homebrew's Sigstore-powered provenance is in beta
Last November, Alpha-Omega and Trail of Bits announced a collaboration to bring build provenance to homebrew-core. Today, we are pleased to announce that the core of that work is live and in public beta: homebrew-core is now using Sigstore to cryptographically attest to all bottles built in the official Homebrew CI. This is aligned with Sigstore’s mission: to support frictionless and transparent provenance on all artifact registries. Homebrew’s build provenance follows last year’s npm provenance feature, making Homebrew the second major packaging ecosystem to adopt Sigstore!