Rekor-Monitor Goes Production-Ready: A New Shield Against Malicious Package Releases
Sigstore’s rekor-monitor, now production-ready, equips package maintainers with real-time alerts for unexpected signing events in the Rekor transparency log. By adding support for Rekor v2, certificate validation, and TUF integration, the tool turns the log’s append-only promise into actionable security for developers.