cosign
There are 60 repositories under cosign topic.
zarf-dev/zarf
DevSecOps for Air Gap & Limited-Connection Systems. https://zarf.dev/
sigstore/sigstore
Common go library shared across sigstore services and clients
ekristen/aws-nuke
Remove all the resources from an AWS account
sse-secure-systems/connaisseur
An admission controller that integrates Container Image Signature Verification into a Kubernetes cluster
ChristofferNissen/helmper
Import Helm Charts to OCI registries, optionally with vulnerability patching
sigstore/cosign-installer
Cosign Github Action
stacklok/sigstore-the-hard-way
sigstore the hard way!
philips-labs/spiffe-vault
Integrates Spiffe and Vault to have secretless authentication
intelops/compage
Compage - Low-Code Framework to develop Rest API, gRPC, dRPC, GraphQL, WebAssembly, microservices, FaaS, Temporal workloads, IoT and edge services, K8s controllers, K8s CRDs, K8s custom APIs, K8s Operators, K8s hooks, etc. with minimal coding and by automatically applying best practice methods like software supply chain security measures, SBOM, openAPI, cloudevents, etc. Auto generate code after defining requirements in UI as diagram.
sigstore/cosign-gatekeeper-provider
🔮 ✈️ to integrate OPA Gatekeeper's new ExternalData feature with cosign to determine whether the images are valid by verifying their signatures
developer-guy/container-image-sign-and-verify-with-cosign-and-opa
This is just a proof-of-concept project that aims to sign and verify container images using cosign and OPA (Open Policy Agent)
goreleaser/example-supply-chain
Example goreleaser + github actions config with keyless signing, SBOM generation, and attestations
appvia/cosign-keyless-admission-webhook
Kubernetes admission webhook that uses cosign verify to check the subject and issuer of the image matches what you expect
nataliagranato/LINUXtips-PICK
☸🐳 Projeto final do curso Programa Intensivo em Containers e Kubernetes | PICK 2024 da LINUXtips
martinbaillie/ocistow
Stream, Mutate and Sign Images with AWS Lambda and ECR
Dentrax/cosigneth
Container Image Signing & Verifying on Ethereum [Testnet]
chrisns/cosign-keyless-demo
Proof of concept that uses cosign and GitHub's in built OIDC for actions to sign container images, providing a proof that what is in the registry came from your GitHub action.
kube-tarian/sigrun
Sign your artifacts, source code or container images using Sigstore tools, Save the Signatures you want to use, and Validate & Control the deployments to allow only the known Sources based on Signatures, Maintainers & other payloads automatically.
bishal7679/ksapify
A Multi-Featured Light Kubernetes command-line tool
ekristen/dockit
Docker Registry Authentication Made Simple
eumel8/cosignwebhook
Kubernetes Validation Admission Controller to verify Cosign signatures
GoogleCloudPlatform/aactl
Google Container Analysis data import utility, supports OSS vulnerability scanner reports, SLSA provenance and sigstore attestations.
richardfan1126/nitro-enclaves-eif-build-action
This GitHub Action use kaniko and Amazon Linux container with nitro-cli to build a reproducible AWS Nitro Enclaves EIF file and its information.
emirhandogandemir/software-supply-chain-security-java
This repo contains the technology stack and its usage for software supply chain security of a Java application
sigstore/homebrew-tap
Sigstore Homebrew Tap
strongjz/cosign-aws-codepipeline
Example code repo for blog post https://chainguard.dev/posts/2022-01-07-cosign-aws-codepipeline
janfuhrer/podsalsa
Sample Go application project with supply chain security workflows conforms to the SLSA Build Level 3 specification
avisi-cloud/cosign-tutorial
Use cosign to secure your container images using Github actions
GoTurkiye/goreleaser-supply-chain-example
A demonstration of how GoReleaser can help us to make software supply chain more secure by using bunch of tools such as cosign, syft, grype, slsa-provenance
shibumi/secure-supply-chain-example
Supply Chain Security does not need to be difficult
yandex-cloud-examples/yc-webinar-security-pipeline-2023
Материалы к вебинару «Как выстроить процесс безопасной разработки в Yandex Cloud».
andros21/rustracer
rustracer - a multi-threaded raytracer in pure rust
bishal7679/Rancher-MLalgo4Health
This is really an interactive app with various predictions model with various algo. It can predict about your health as much as accurate
mchmarny/sbominator
Custom Google Cloud Build step to crate a Software Bill of Materials (SBOM) and Binary Authorization attestation.
scottames/daggerverse
My collection of the Daggerverse
wolfeidau/gh-cosign-goreleaser
Example of GitHub Actions, goreleaser and cosign to release a Go based CLI program.