cosign
https://github.com/sigstore/cosign
Go
Container Signing
Triage Issues!
When you volunteer to triage issues, you'll receive an email each day with a link to an open issue that needs help in this project. You'll also receive instructions on how to triage issues.
Triage Docs!
Receive a documented method or class from your favorite GitHub repos in your inbox every day. If you're really pro, receive undocumented methods or classes and supercharge your commit history.
Go not yet supported2 Subscribers
Add a CodeTriage badge to cosign
Help out
- Issues
- fix(layout): preserve manifest artifactType in index.json when saving
- `verify` output missing success indicators for BYO-PKI certificate chain validation and RFC3161 timestamp verification
- fix: update dependencies to use new azure sdk components
- Add --ignore-pkcs11-certificate sign option
- Enhancement: Add native Syft JSON support in cosign attest
- Make sure cosign release signing takes rekor v2 change into account
- feat: add command update-key-pair (solves #3168)
- Reconsider the use of the annotation "kind": "dev.cosignproject.cosign/image" as gatekeeper for verify
- VerifyImageAttestations has no OCI 1.1 referrer discovery path
- cosign sign fails permanently with createLogEntryConflict if initial OCI push fails
- Docs
- Go not yet supported