cosign
https://github.com/sigstore/cosign
Go
Container Signing
Triage Issues!
When you volunteer to triage issues, you'll receive an email each day with a link to an open issue that needs help in this project. You'll also receive instructions on how to triage issues.
Triage Docs!
Receive a documented method or class from your favorite GitHub repos in your inbox every day. If you're really pro, receive undocumented methods or classes and supercharge your commit history.
Go not yet supported1 Subscribers
Add a CodeTriage badge to cosign![CodeTriage badge for sigstore/cosign](/sigstore/cosign/badges/users.svg?count=1)
Help out
- Issues
- Add support for recording creation timestamp for cosign attest
- Improve error message for failed SCT verification
- Include SCT verification failure details in error message
- Add new bundle support to `verify-blob` and `verify-blob-attestation`
- Bundle inspection and generation utilities
- Cuelang version error with go installer
- move utility key handling functions in pkg/cosign to an internal package
- Missing visibility body parameter when creating organization secrets
- main.go:74: error during command execution: signing **image:tag**: provenance predicate: required field builder missing
- Cosign can't verify by local key exported from HashiVault
- Docs
- Go not yet supported