cosign
https://github.com/sigstore/cosign
Go
Container Signing
2 Subscribers
Help out
- Issues
- support image lists for verify-attestation
- Be able to modify the docker-reference field
- Feature: Provide an easier way to retrieve SBOM from In-Toto attestation
- `cosign attach` commands support providing a signature or attestation but not certificate
- Annotation support when uploading blobs
- Rename --k8s-keychain flag
- Attached attestations in keyless mode not returned with verify-attestations
- Ability to block admission if image SBOM contains specific package (defined in Cue)
- Improve reporting of verify cli commands with multiple images
- Provenance attestation does not contain subjects for each tag created.
- Docs
- Go not yet supported