sigstore
There are 50 repositories under sigstore topic.
sigstore/gitsign
Keyless Git signing using Sigstore
sigstore/sigstore
Common go library shared across sigstore services and clients
sse-secure-systems/connaisseur
An admission controller that integrates Container Image Signature Verification into a Kubernetes cluster
sigstore/sigstore-rs
An experimental Rust crate for sigstore
stacklok/sigstore-the-hard-way
sigstore the hard way!
sigstore/model-transparency
Supply chain security for ML
argoproj-labs/argocd-interlace
Enabling Software Supply Chain Security Capabilities in ArgoCD
sigstore/cosign-gatekeeper-provider
🔮 ✈️ to integrate OPA Gatekeeper's new ExternalData feature with cosign to determine whether the images are valid by verifying their signatures
sigstore/helm-sigstore
Plugin for Helm to integrate the sigstore ecosystem
goreleaser/goreleaser-example-supply-chain
Example goreleaser + github actions config with keyless signing and SBOM generation
kubernetes-sigs/tejolote
A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.
sigstore/sigstore-go
Go library for Sigstore signing and verification
nsmith5/rekor-sidekick
🔍 Rekor transparency log monitoring and alerting
appvia/cosign-keyless-admission-webhook
Kubernetes admission webhook that uses cosign verify to check the subject and issuer of the image matches what you expect
chainguard-dev/tlogistry
Transparenty Immutable Container Image Tags
martinbaillie/ocistow
Stream, Mutate and Sign Images with AWS Lambda and ECR
sigstore/sigstore-go-archived
Go library for Sigstore signing and verification
rewanthtammana/sigstore-the-easy-way
Software signing just got easier
chrisns/cosign-keyless-demo
Proof of concept that uses cosign and GitHub's in built OIDC for actions to sign container images, providing a proof that what is in the registry came from your GitHub action.
albasystems/hello-slsa
Project that demonstrates the implementation of SLSA L3 with Github Workflows and Sigstore. Bonus: binary authorization with Kyverno.
kube-tarian/sigrun
Sign your artifacts, source code or container images using Sigstore tools, Save the Signatures you want to use, and Validate & Control the deployments to allow only the known Sources based on Signatures, Maintainers & other payloads automatically.
ThomasVitale/supply-chain-security-java
Samples showing how to secure the supply chain for Java applications.
GoogleCloudPlatform/aactl
Google Container Analysis data import utility, supports OSS vulnerability scanner reports, SLSA provenance and sigstore attestations.
sigstore/sigstore-conformance
Conformance testing for Sigstore clients
strongjz/cosign-aws-codepipeline
Example code repo for blog post https://chainguard.dev/posts/2022-01-07-cosign-aws-codepipeline
operatorequals/gitsign-action
Verify Sigstore Gitsign commit signatures
richardfan1126/nitro-enclaves-eif-build-action
This GitHub Action use kaniko and Amazon Linux container with nitro-cli to build a reproducible AWS Nitro Enclaves EIF file and its information.
sigstore/github-sync
Pulumi GitHub Sync for sigstore
hboutemy/sigstore-java-poc
Java PoC code to implement sigstore operations equivalent to "cosign sign-blob"
mayaCostantini/sigstore-keycloak-setup
A guide for setting up Sigstore with Keycloak as an identity provider
shibumi/secure-supply-chain-example
Supply Chain Security does not need to be difficult
sigstore/sigstore-devops-tools
Tools & services used to help in the development flow of sigstore
smallstep/ansible-collection-sigstore
An Ansible collection for using Sigstore to verify file signatures
trailofbits/sigstore-apis
Rust clients for the Fulcio and Rekor APIs
juburr/cosign-orb
A simple CircleCI orb used to install Cosign and sign container images
wolfeidau/gh-cosign-goreleaser
Example of GitHub Actions, goreleaser and cosign to release a Go based CLI program.