cosign
https://github.com/sigstore/cosign
Go
Container Signing
Triage Issues!
When you volunteer to triage issues, you'll receive an email each day with a link to an open issue that needs help in this project. You'll also receive instructions on how to triage issues.
Triage Docs!
Receive a documented method or class from your favorite GitHub repos in your inbox every day. If you're really pro, receive undocumented methods or classes and supercharge your commit history.
Go not yet supported2 Subscribers
Add a CodeTriage badge to cosign
Help out
- Issues
- cosign clean subcmd: misleading warning about cleaning "referrers" type
- fix: report certificate and timestamp verification checks
- fix: wire insecure-skip-verify to bundle generation
- Fix unsafe DefaultTransport type assertions
- cosign v3 fails to sign image with certificate
- cosign attest retries mishandled
- VerifyRFC3161Timestamp panics on verifiedTimestamps[0] when threshold is not met
- VerifyRFC3161Timestamp silently drops user-provided TSA chain when TrustedMaterial is set (regression from v2)
- docs: add digest-based verification example for verify-blob-attestation
- Reason for --signing-config depending on --new-bundle-format not clear
- Docs
- Go not yet supported