cosign
https://github.com/sigstore/cosign
Go
Container Signing
Triage Issues!
When you volunteer to triage issues, you'll receive an email each day with a link to an open issue that needs help in this project. You'll also receive instructions on how to triage issues.
Triage Docs!
Receive a documented method or class from your favorite GitHub repos in your inbox every day. If you're really pro, receive undocumented methods or classes and supercharge your commit history.
Go not yet supported2 Subscribers
Add a CodeTriage badge to cosign
Help out
- Issues
- --attachment-tag-prefix is ignored during `cosign clean`
- Fulcio does not process token returned by az cli for app registration
- better error message when OIDC fails
- Support writing bundles to stdout
- Support "oras pull" for attestations
- Cosign v2 `verify` should auto-detect if `--new-bundle-format` is needed
- Mandate verification material output if no registry upload
- Custom metadata not configured properly for target tsa certs, skipping target
- sigstore-bundle manifest should include an annotation pointing to the actual nested predicateType
- Restructuring signing code for shared implementation
- Docs
- Go not yet supported