sigstore
There are 4 repositories under sigstore topic.
- Language:Go 915
- Language:Go 438
- connaisseur
sse-secure-systems / connaisseur
An admission controller that integrates Container Image Signature Verification into a Kubernetes cluster
Language:Go 428 - Language:Rust 158
sigstore / model-transparency
Supply chain security for ML
Language:Python 102argoproj-labs / argocd-interlace
Enabling Software Supply Chain Security Capabilities in ArgoCD
Language:Go 77🔮 ✈️ to integrate OPA Gatekeeper's new ExternalData feature with cosign to determine whether the images are valid by verifying their signatures
Language:Go 75- Language:Go 59
goreleaser / goreleaser-example-supply-chain
Example goreleaser + github actions config with keyless signing and SBOM generation
Language:Go 55kubernetes-sigs / tejolote
A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.
Language:Go 55- Language:Go 38
nsmith5 / rekor-sidekick
🔍 Rekor transparency log monitoring and alerting
Language:Go 26appvia / cosign-keyless-admission-webhook
Kubernetes admission webhook that uses cosign verify to check the subject and issuer of the image matches what you expect
Language:JavaScript 22chainguard-dev / tlogistry
Transparenty Immutable Container Image Tags
Language:Go 19martinbaillie / ocistow
Stream, Mutate and Sign Images with AWS Lambda and ECR
Language:Go 19- Language:Go 16
rewanthtammana / sigstore-the-easy-way
Software signing just got easier
Language:HTML 15chrisns / cosign-keyless-demo
Proof of concept that uses cosign and GitHub's in built OIDC for actions to sign container images, providing a proof that what is in the registry came from your GitHub action.
Language:Dockerfile 14albasystems / hello-slsa
Project that demonstrates the implementation of SLSA L3 with Github Workflows and Sigstore. Bonus: binary authorization with Kyverno.
Language:CUE 13kube-tarian / sigrun
Sign your artifacts, source code or container images using Sigstore tools, Save the Signatures you want to use, and Validate & Control the deployments to allow only the known Sources based on Signatures, Maintainers & other payloads automatically.
Language:Go 12GoogleCloudPlatform / aactl
Google Container Analysis data import utility, supports OSS vulnerability scanner reports, SLSA provenance and sigstore attestations.
Language:Go 9ThomasVitale / supply-chain-security-java
Samples showing how to secure the supply chain for Java applications.
Language:Java 9- Language:Python 7
strongjz / cosign-aws-codepipeline
Example code repo for blog post https://chainguard.dev/posts/2022-01-07-cosign-aws-codepipeline
Language:HCL 7richardfan1126 / nitro-enclaves-eif-build-action
This GitHub Action use kaniko and Amazon Linux container with nitro-cli to build a reproducible AWS Nitro Enclaves EIF file and its information.
Language:Shell 5hboutemy / sigstore-java-poc
Java PoC code to implement sigstore operations equivalent to "cosign sign-blob"
Language:Java 4operatorequals / gitsign-action
Verify Sigstore Gitsign commit signatures
Language:Shell 4shibumi / secure-supply-chain-example
Supply Chain Security does not need to be difficult
Language:Go 4- Language:Go 4
Tools & services used to help in the development flow of sigstore
Language:Go 4smallstep / ansible-collection-sigstore
An Ansible collection for using Sigstore to verify file signatures
Language:Python 4mayaCostantini / sigstore-keycloak-setup
A guide for setting up Sigstore with Keycloak as an identity provider
- Language:Rust 3
- Language:Standard ML 1
kubeservice-stack / cosign-webhook
Kubernetes admission webhook that uses cosign tools Container Sign Verify
Language:Go 1
