cosign
https://github.com/sigstore/cosign
Go
Container Signing
Triage Issues!
When you volunteer to triage issues, you'll receive an email each day with a link to an open issue that needs help in this project. You'll also receive instructions on how to triage issues.
Triage Docs!
Receive a documented method or class from your favorite GitHub repos in your inbox every day. If you're really pro, receive undocumented methods or classes and supercharge your commit history.
Go not yet supported2 Subscribers
Add a CodeTriage badge to cosign
Help out
- Issues
- feat(sign): support loading --cert/--cert-chain from URL and env variable
- How to handle single-repo, mutiple tag variations
- `cosign verify-attestation` and `cosign attach attestation` not working together under custom fulcio instance
- Figure out what to do with in-toto statements for `cosign attest`
- --attachment-tag-prefix is ignored during `cosign clean`
- Fulcio does not process token returned by az cli for app registration
- better error message when OIDC fails
- Support writing bundles to stdout
- Support "oras pull" for attestations
- Cosign v2 `verify` should auto-detect if `--new-bundle-format` is needed
- Docs
- Go not yet supported