A tuf-on-ci test repo using sigstore signing

A completely keyless TUF repository:

  • Repository signs online roles with sigstore using the ambient GitHub workflow identity
  • Offline signers use interactive sigstore identities
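
One way to check this layout in root metadata, as an added example that is not part of tuf-on-ci or this repository. It assumes the sigstore key layout of securesystemslib's SigstoreKey and that timestamp and snapshot are the online roles; the helper names and all sample identities are constructed.

```python
"""Added example: audit root metadata for the keyless layout described above."""

# Assumptions: key layout follows securesystemslib's SigstoreKey
# (keytype "sigstore-oidc", keyval with identity/issuer); timestamp and
# snapshot are the online roles. All sample identities are constructed.
ACTIONS_ISSUER = "https://token.actions.githubusercontent.com"
ONLINE_ROLES = {"timestamp", "snapshot"}

def sigstore_key(identity, issuer):
    return {"keytype": "sigstore-oidc", "scheme": "Fulcio",
            "keyval": {"identity": identity, "issuer": issuer}}

SAMPLE_ROOT = {  # constructed, trimmed to the fields the audit reads
    "keys": {
        "k-online": sigstore_key(
            "https://github.com/example-org/example-repo/"
            ".github/workflows/online-sign.yml@refs/heads/main", ACTIONS_ISSUER),
        "k-alice": sigstore_key("alice@example.com",
                                "https://github.com/login/oauth"),
    },
    "roles": {
        "root": {"keyids": ["k-alice"], "threshold": 1},
        "targets": {"keyids": ["k-alice"], "threshold": 1},
        "snapshot": {"keyids": ["k-online"], "threshold": 1},
        "timestamp": {"keyids": ["k-online"], "threshold": 1},
    },
}

def audit_root(signed):
    """Return findings; an empty list means the keyless layout holds."""
    keys = signed["keys"]
    findings = [f"{kid}: keytype {k.get('keytype')!r} is not sigstore-oidc"
                for kid, k in keys.items() if k.get("keytype") != "sigstore-oidc"]
    for role, info in signed["roles"].items():
        for kid in info["keyids"]:
            key = keys.get(kid)
            if key is None:
                findings.append(f"{role}: keyid {kid} not in keys")
            elif key.get("keytype") == "sigstore-oidc":
                issuer = key.get("keyval", {}).get("issuer")
                if role in ONLINE_ROLES and issuer != ACTIONS_ISSUER:
                    findings.append(f"{role}: online role not bound to workflow issuer")
                elif role not in ONLINE_ROLES and issuer == ACTIONS_ISSUER:
                    findings.append(f"{role}: offline role bound to workflow identity")
    return findings

if __name__ == "__main__":
    print(audit_root(SAMPLE_ROOT) or "keyless layout holds")
```

The audit reads only the declared keys and role bindings; it does not verify signatures or Fulcio certificates.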