There is 1 repository under the cosign topic.
An admission controller that integrates Container Image Signature Verification into a Kubernetes cluster
Import Helm Charts to OCI registries, optionally with vulnerability patching
Integrates Spiffe and Vault to have secretless authentication
Compage - Low-Code Framework to develop Rest API, gRPC, dRPC, GraphQL, WebAssembly, microservices, FaaS, Temporal workloads, IoT and edge services, K8s controllers, K8s CRDs, K8s custom APIs, K8s Operators, K8s hooks, etc. with minimal coding and by automatically applying best practice methods like software supply chain security measures, SBOM, openAPI, cloudevents, etc. Auto generate code after defining requirements in UI as diagram.
🔮 ✈️ to integrate OPA Gatekeeper's new ExternalData feature with cosign to determine whether the images are valid by verifying their signatures
This is just a proof-of-concept project that aims to sign and verify container images using cosign and OPA (Open Policy Agent)
Example goreleaser + GitHub Actions config with keyless signing and SBOM generation
Kubernetes admission webhook that uses cosign verify to check the subject and issuer of the image matches what you expect
Stream, Mutate and Sign Images with AWS Lambda and ECR
Proof of concept that uses cosign and GitHub's inbuilt OIDC for Actions to sign container images, providing proof that what is in the registry came from your GitHub Action.
Sign your artifacts, source code or container images using Sigstore tools, Save the Signatures you want to use, and Validate & Control the deployments to allow only the known Sources based on Signatures, Maintainers & other payloads automatically.
A Multi-Featured Light Kubernetes command-line tool
Kubernetes Validation Admission Controller to verify Cosign signatures
Google Container Analysis data import utility, supports OSS vulnerability scanner reports, SLSA provenance and sigstore attestations.
This repo contains the technology stack and its usage for software supply chain security of a Java application
Example code repo for blog post https://chainguard.dev/posts/2022-01-07-cosign-aws-codepipeline
Sample Go application project with supply chain security workflows that conform to the SLSA Build Level 3 specification
This GitHub Action uses kaniko and an Amazon Linux container with nitro-cli to build a reproducible AWS Nitro Enclaves EIF file and its information.
A demonstration of how GoReleaser can help us make the software supply chain more secure by using a bunch of tools such as cosign, syft, grype, slsa-provenance
Supply Chain Security does not need to be difficult
Materials for the webinar "How to build a secure development process in Yandex Cloud".
Use cosign to secure your container images using GitHub Actions
This is really an interactive app with various prediction models using various algorithms. It can predict your health as accurately as possible
Custom Google Cloud Build step to create a Software Bill of Materials (SBOM) and Binary Authorization attestation.
(landing area for upstream contributions and carried patches)
A simple CircleCI orb used to install Cosign and sign container images
My collection of the Daggerverse