cosign
https://github.com/sigstore/cosign
Go
Container Signing
Triage Issues!
When you volunteer to triage issues, you'll receive an email each day with a link to an open issue that needs help in this project. You'll also receive instructions on how to triage issues.
Triage Docs!
Receive a documented method or class from your favorite GitHub repos in your inbox every day. If you're really pro, receive undocumented methods or classes and supercharge your commit history.
Go not yet supported1 Subscribers
Add a CodeTriage badge to cosign
Help out
- Issues
- add additional information about COSIGN_REPOSITORY env
- add --skip-information flag to clean cmd for consistency
- Attached attestations in keyless mode not returned with verify-attestations
- manifest: introduce new `resolve` sub command
- file output of --output-certificate is base64 encoded (badly?), but the decoded contents is just a b64 pem file.
- TUF: GetRekorPubs should be used in CheckOpts, like Fulcio CheckOpts.Roots
- Ability to block admission if image SBOM contains specific package (defined in Cue)
- Cleanup for TUF code
- Improve reporting of verify cli commands with multiple images
- Move pkg/providers to sigstore/sigstore
- Docs
- Go not yet supported