There are 0 repositories under the fulcio topic.
🔮 ✈️ to integrate OPA Gatekeeper's new ExternalData feature with cosign to determine whether the images are valid by verifying their signatures
Sign your artifacts, source code or container images using Sigstore tools, save the signatures you want to use, and validate and control the deployments to allow only the known sources based on signatures, maintainers and other payloads automatically.
Supply Chain Security does not need to be difficult
Java PoC code to implement sigstore operations equivalent to "cosign sign-blob"