cosign
https://github.com/sigstore/cosign
Go
Container Signing
Triage Issues!
When you volunteer to triage issues, you'll receive an email each day with a link to an open issue that needs help in this project. You'll also receive instructions on how to triage issues.
Triage Docs!
Receive a documented method or class from your favorite GitHub repos in your inbox every day. If you're really pro, receive undocumented methods or classes and supercharge your commit history.
Go not yet supported
2 Subscribers
Help out
- Issues
  - Feature: Provide an easier way to retrieve SBOM from In-Toto attestation
  - `cosign attach` commands support providing a signature or attestation but not certificate
  - Annotation support when uploading blobs
  - Rename --k8s-keychain flag
  - Attached attestations in keyless mode not returned with verify-attestations
  - Ability to block admission if image SBOM contains specific package (defined in Cue)
  - Improve reporting of verify cli commands with multiple images
  - Provenance attestation does not contain subjects for each tag created.
  - Allow for alternate registry API implementations
  - Signing should reject annotations that conflict with reserved fields
- Docs
  - Go not yet supported