cosign

There are 1 repository under cosign topic.

• zarf

  zarf-dev / zarf

  DevSecOps for Air Gap & Limited-Connection Systems. https://zarf.dev/

  k8sairgapcloud-nativehelmgovernmentdodk3skustomizeocicosigndockerdocker-registrygitopskubernetessbom
  Language:Go 1306

• sigstore / sigstore

  Common go library shared across sigstore services and clients

  sigstoregogolangsecuritysupply-chaincosign
  Language:Go 441
• connaisseur

  sse-secure-systems / connaisseur

  An admission controller that integrates Container Image Signature Verification into a Kubernetes cluster

  kubernetesintegritydockerdocker-content-trustsignature-verificationauthenticationcosignsecurityprovenancecontaineradmission-controllersimage-signaturecontainer-imagesnotarysigstore
  Language:Go 432

• ChristofferNissen / helmper

  Import Helm Charts to OCI registries, optionally with vulnerability patching

  copaceticcosigngohelmkubernetesociorastrivy
  Language:Go 133

• sigstore / cosign-installer

  Cosign Github Action

  cosign
  115

• stacklok / sigstore-the-hard-way

  sigstore the hard way!

  sigstorecosign
  111

• philips-labs / spiffe-vault

  Integrates Spiffe and Vault to have secretless authentication

  spirespiffevaulthashicorpzero-trustbottom-turtlesecretscode-signinghelmk8skubernetesterraformcosignhacktoberfest
  Language:Go 81

• intelops / compage

  Compage - Low-Code Framework to develop Rest API, gRPC, dRPC, GraphQL, WebAssembly, microservices, FaaS, Temporal workloads, IoT and edge services, K8s controllers, K8s CRDs, K8s custom APIs, K8s Operators, K8s hooks, etc. with minimal coding and by automatically applying best practice methods like software supply chain security measures, SBOM, openAPI, cloudevents, etc. Auto generate code after defining requirements in UI as diagram.

  backend-servicescode-generationcontainerizationcontainersgraphqlgrpclow-codemicroservicessbom-generatorsoftware-bill-of-materialssoftware-supply-chain-securitywebassemblyrest-apigolangrustserverlesscosignvisual-applicationsno-codehacktoberfest
  Language:Go 80

• sigstore / cosign-gatekeeper-provider

  🔮 ✈️ to integrate OPA Gatekeeper's new ExternalData feature with cosign to determine whether the images are valid by verifying their signatures

  opagatekeepercosignkeylessfulciosigstorerekor
  Language:Go 75

• developer-guy / container-image-sign-and-verify-with-cosign-and-opa

  This is just a proof-of-concept project that aims to sign and verify container images using cosign and OPA (Open Policy Agent)

  cosignopagogolangopen-policy-agentcosign-http-wrapperproof-of-concept
  Language:Go 62

• goreleaser / goreleaser-example-supply-chain

  Example goreleaser + github actions config with keyless signing and SBOM generation

  goreleasergolanggosupply-chaincosignsigningsigstoresoftware-bill-of-materialssbomsyft
  Language:Go 55

• ekristen / aws-nuke

  Remove all the resources from an AWS account

  awscligoreleasergithub-actionscosignmkdocsmkdocs-materiallibnuke
  Language:Go 36

• appvia / cosign-keyless-admission-webhook

  Kubernetes admission webhook that uses cosign verify to check the subject and issuer of the image matches what you expect

  container-securitycosignhacktoberfestkuberneteskubernetes-admission-webhookoidcsigstore
  Language:JavaScript 22

• martinbaillie / ocistow

  Stream, Mutate and Sign Images with AWS Lambda and ECR

  sigstorecosignawsaws-lambdaecrsupplychainslsaocidocker
  Language:Go 19

• Dentrax / cosigneth

  Container Image Signing & Verifying on Ethereum [Testnet]

  cosignethereumdappcontainercontainer-imagesigningsoliditydockerecdsa
  Language:TypeScript 17

• chrisns / cosign-keyless-demo

  Proof of concept that uses cosign and GitHub's in built OIDC for actions to sign container images, providing a proof that what is in the registry came from your GitHub action.

  oidcgithubgithub-actioncosignsigstorehacktoberfestproof-of-conceptcontainer
  Language:Dockerfile 14

• kube-tarian / sigrun

  Sign your artifacts, source code or container images using Sigstore tools, Save the Signatures you want to use, and Validate & Control the deployments to allow only the known Sources based on Signatures, Maintainers & other payloads automatically.

  sigstorecosignrekorfulciocontainersartifactssignaturesignature-verificationkubernetespodsopaopen-policy-agentgatekeeperpolicy-as-codekubernetessecuritykubernetes-securitycontainer-securitycontainersecurity
  Language:Go 12

• bishal7679 / ksapify

  A Multi-Featured Light Kubernetes command-line tool

  cligoclient-gocobra-clicosignkubernetesshell
  Language:Go 10

• ekristen / dockit

  Docker Registry Authentication Made Simple

  dockerdocker-distributiongolangregistrylitestreamhelmhelm-chartkubernetescosign
  Language:Go 10
• cosignwebhook

  eumel8 / cosignwebhook

  Kubernetes Validation Admission Controller to verify Cosign signatures

  admission-webhookcosignkubernetessigningverify
  Language:Go 9

• GoogleCloudPlatform / aactl

  Google Container Analysis data import utility, supports OSS vulnerability scanner reports, SLSA provenance and sigstore attestations.

  artifactattestationsbuildcontainergcbgcpimportpredicatesbomslsacosignsigstore
  Language:Go 9

• emirhandogandemir / software-supply-chain-security-java

  This repo contains the technology stack and its usage for software supply chain security of a Java application

  supply-chain-securitycosigndependency-scanningimage-scanningkyvernosbomsonarqubetrivyhelmjib-maven-plugin
  Language:Java 7

• strongjz / cosign-aws-codepipeline

  Example code repo for blog post https://chainguard.dev/posts/2022-01-07-cosign-aws-codepipeline

  cosignawssigstorecontainerssupplychain
  Language:HCL 7

• sigstore / homebrew-tap

  Sigstore Homebrew Tap

  homebrewcosignrekortaphomebrew-formulahomebrew-tap
  Language:Ruby 6

• janfuhrer / podsalsa

  Sample Go application project with supply chain security workflows conforms to the SLSA Build Level 3 specification

  cosigngoreleaserkoprovenancesbomslsasupply-chain-security
  Language:Go 5

• richardfan1126 / nitro-enclaves-eif-build-action

  This GitHub Action use kaniko and Amazon Linux container with nitro-cli to build a reproducible AWS Nitro Enclaves EIF file and its information.

  awsenclaveenclavesnitro-enclavenitro-enclavescosignorassigstore
  Language:Shell 5

• GoTurkiye / goreleaser-supply-chain-example

  A demonstration of how GoReleaser can help us to make software supply chain more secure by using bunch of tools such as cosign, syft, grype, slsa-provenance

  goreleaserslsaslsaprovenancecosignsbomsyftgrypegithubactions
  Language:Go 4

• shibumi / secure-supply-chain-example

  Supply Chain Security does not need to be difficult

  sbomcosignsigstorefulciorekorkeylesssupply-chain-security
  Language:Go 4

• yandex-cloud-examples / yc-webinar-security-pipeline-2023

  Материалы к вебинару «Как выстроить процесс безопасной разработки в Yandex Cloud».

  cosignkmsscanning-imagessecure-developmentslsayandex-cloudyandexcloud
  4

• andros21 / rustracer

  rustracer - a multi-threaded raytracer in pure rust

  rustraytracingcargocoveragecosignrayonclapcueyamlslsa
  Language:Rust 3

• avisi-cloud / cosign-tutorial

  Use cosign to secure your container images using Github actions

  cosigndocker
  Language:Dockerfile 2

• bishal7679 / Rancher-MLalgo4Health

  This is really an interactive app with various predictions model with various algo. It can predict about your health as much as accurate

  awscosigndockerekskubernetespython3ranchergithub-actionsmachine-learningecs-cluster
  Language:Python 2

• mchmarny / sbominator

  Custom Google Cloud Build step to crate a Software Bill of Materials (SBOM) and Binary Authorization attestation.

  buildcloudbuildcosigndockerpipelinesbomsnyk
  Language:Makefile 2

• hauler-dev / cosign

  (landing area for upstream contributions and carried patches)

  cosignopen-sourcesigstore
  Language:Go 1

• juburr / cosign-orb

  A simple CircleCI orb used to install Cosign and sign container images

  circlecicircleci-orbcosignsupply-chain-security
  Language:Shell 1

• scottames / daggerverse

  My collection of the Daggerverse

  containerscosigndaggerversedistroboxfedoraublue-osuniversal-blue
  Language:Go 1