cosign
https://github.com/sigstore/cosign
Go
Container Signing
Triage Issues!
When you volunteer to triage issues, you'll receive an email each day with a link to an open issue that needs help in this project. You'll also receive instructions on how to triage issues.
Triage Docs!
Receive a documented method or class from your favorite GitHub repos in your inbox every day. If you're really pro, receive undocumented methods or classes and supercharge your commit history.
Go not yet supported2 Subscribers
Add a CodeTriage badge to cosign
Help out
- Issues
- Ability to block admission if image SBOM contains specific package (defined in Cue)
- Cleanup for TUF code
- Improve reporting of verify cli commands with multiple images
- Move pkg/providers to sigstore/sigstore
- Move fulcioroots and pkg/cosign/tuf packages to sigstore/sigstore
- Add env var or flag to allow cosign to run against staging instance of public rekor | fulcio
- *Any* CLI invocation with `--help` in it or beginning with `cosign help` should give me help text
- cosigned: allow configuring hash algorithm for signature verification
- Support for custom Annotations is missing
- Spec: Attestations & keyless mode for binaries
- Docs
- Go not yet supported