sigstore

Keyless Git signing using Sigstore

Common go library shared across sigstore services and clients

An admission controller that integrates Container Image Signature Verification into a Kubernetes cluster

An experimental Rust crate for sigstore

Supply chain security for ML

sigstore the hard way!

Enabling Software Supply Chain Security Capabilities in ArgoCD

Go library for Sigstore signing and verification

🔮 ✈️ to integrate OPA Gatekeeper's new ExternalData feature with cosign to determine whether the images are valid by verifying their signatures

Plugin for Helm to integrate the sigstore ecosystem

A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.

Example goreleaser + github actions config with keyless signing, SBOM generation, and attestations

🔍 Rekor transparency log monitoring and alerting

Kubernetes admission webhook that uses cosign verify to check the subject and issuer of the image matches what you expect

Transparenty Immutable Container Image Tags

Stream, Mutate and Sign Images with AWS Lambda and ECR

Software signing just got easier

Go library for Sigstore signing and verification

🔴🟡🟢 The Amazing Multipurpose Policy Engine (and L)

Proof of concept that uses cosign and GitHub's in built OIDC for actions to sign container images, providing a proof that what is in the registry came from your GitHub action.