cosign
https://github.com/sigstore/cosign
Go
Container Signing
Triage Issues!
When you volunteer to triage issues, you'll receive an email each day with a link to an open issue that needs help in this project. You'll also receive instructions on how to triage issues.
Triage Docs!
Receive a documented method or class from your favorite GitHub repos in your inbox every day. If you're really pro, receive undocumented methods or classes and supercharge your commit history.
Go not yet supported2 Subscribers
Add a CodeTriage badge to cosign
Help out
- Issues
- BUG issue signing with LUNA HSM
- Smaller cosign-verify binary
- Support 'cosign sign' with private keys handled by SSH agent
- Cannot verify docker image locally with public key
- Attaching the signature artifact to the Image artifact
- how does the Sign and attach a certificate and certificate chain work
- Request to move away from `github.com/chrismellard/docker-credential-acr-env`
- remove previously deprecated attach/download sbom commands
- cosign doesn't take certificate for verification
- `dockerfile verify` command fails when stage names are used in `FROM`
- Docs
- Go not yet supported