sigstore
There are 4 repositories under sigstore topic.
- Language:Go 941
- Language:Go 444
- connaisseur
sse-secure-systems / connaisseur
An admission controller that integrates Container Image Signature Verification into a Kubernetes cluster
Language:Go 441 - Language:Rust 166
sigstore / model-transparency
Supply chain security for ML
Language:Python 110argoproj-labs / argocd-interlace
Enabling Software Supply Chain Security Capabilities in ArgoCD
Language:Go 80🔮 ✈️ to integrate OPA Gatekeeper's new ExternalData feature with cosign to determine whether the images are valid by verifying their signatures
Language:Go 76- Language:Go 60
kubernetes-sigs / tejolote
A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.
Language:Go 56goreleaser / goreleaser-example-supply-chain
Example goreleaser + github actions config with keyless signing and SBOM generation
Language:Go 55- Language:Go 47
nsmith5 / rekor-sidekick
🔍 Rekor transparency log monitoring and alerting
Language:Go 27appvia / cosign-keyless-admission-webhook
Kubernetes admission webhook that uses cosign verify to check the subject and issuer of the image matches what you expect
Language:JavaScript 22chainguard-dev / tlogistry
Transparenty Immutable Container Image Tags
Language:Go 20martinbaillie / ocistow
Stream, Mutate and Sign Images with AWS Lambda and ECR
Language:Go 19- Language:Go 16
rewanthtammana / sigstore-the-easy-way
Software signing just got easier
Language:HTML 15chrisns / cosign-keyless-demo
Proof of concept that uses cosign and GitHub's in built OIDC for actions to sign container images, providing a proof that what is in the registry came from your GitHub action.
Language:Dockerfile 14albasystems / hello-slsa
Project that demonstrates the implementation of SLSA L3 with Github Workflows and Sigstore. Bonus: binary authorization with Kyverno.
Language:CUE 13kube-tarian / sigrun
Sign your artifacts, source code or container images using Sigstore tools, Save the Signatures you want to use, and Validate & Control the deployments to allow only the known Sources based on Signatures, Maintainers & other payloads automatically.
Language:Go 12ThomasVitale / supply-chain-security-java
Samples showing how to secure the supply chain for Java applications.
Language:Java 11GoogleCloudPlatform / aactl
Google Container Analysis data import utility, supports OSS vulnerability scanner reports, SLSA provenance and sigstore attestations.
Language:Go 9- Language:Python 7
strongjz / cosign-aws-codepipeline
Example code repo for blog post https://chainguard.dev/posts/2022-01-07-cosign-aws-codepipeline
Language:HCL 7operatorequals / gitsign-action
Verify Sigstore Gitsign commit signatures
Language:Shell 6richardfan1126 / nitro-enclaves-eif-build-action
This GitHub Action use kaniko and Amazon Linux container with nitro-cli to build a reproducible AWS Nitro Enclaves EIF file and its information.
Language:Shell 6- Language:Go 5
- Language:Rust 5
hboutemy / sigstore-java-poc
Java PoC code to implement sigstore operations equivalent to "cosign sign-blob"
Language:Java 4mayaCostantini / sigstore-keycloak-setup
A guide for setting up Sigstore with Keycloak as an identity provider
shibumi / secure-supply-chain-example
Supply Chain Security does not need to be difficult
Language:Go 4Tools & services used to help in the development flow of sigstore
Language:Go 4smallstep / ansible-collection-sigstore
An Ansible collection for using Sigstore to verify file signatures
Language:Python 4whiteprints / whiteprints
A Copier-based cookiecutter for creating Python projects managed by uv.
Language:Python 2wolfeidau / gh-cosign-goreleaser
Example of GitHub Actions, goreleaser and cosign to release a Go based CLI program.
Language:Go 1
