cosign
https://github.com/sigstore/cosign
Go
Container Signing
Triage Issues!
When you volunteer to triage issues, you'll receive an email each day with a link to an open issue that needs help in this project. You'll also receive instructions on how to triage issues.
Triage Docs!
Receive a documented method or class from your favorite GitHub repos in your inbox every day. If you're really pro, receive undocumented methods or classes and supercharge your commit history.
Go not yet supported2 Subscribers
Add a CodeTriage badge to cosign
Help out
- Issues
- Manifest's `.config.mediaType` being prefered as "artifact type" in OCI-layout `index.json` over `.artifactType`
- OCI artifact referrers should be listed in the `index.json` of an OCI-layout
- Use specific user-agent
- timestamp-server-url flag & the signing config
- CLI compatibility tracker WRT rekor v2
- Support oidc-client-id within signingConfig to avoid CLI flag redundancy
- feat(sign): support loading --cert/--cert-chain from URL and env variable
- How to handle single-repo, mutiple tag variations
- Figure out what to do with in-toto statements for `cosign attest`
- --attachment-tag-prefix is ignored during `cosign clean`
- Docs
- Go not yet supported