cosign
https://github.com/sigstore/cosign
Go
Container Signing
Triage Issues!
When you volunteer to triage issues, you'll receive an email each day with a link to an open issue that needs help in this project. You'll also receive instructions on how to triage issues.
Triage Docs!
Receive a documented method or class from your favorite GitHub repos in your inbox every day. If you're really pro, receive undocumented methods or classes and supercharge your commit history.
Go not yet supported2 Subscribers
Add a CodeTriage badge to cosign
Help out
- Issues
- Verify images from tar file or local podman cache
- `cosign copy` should have an option to create a "copy attestation"
- Support errors from Rego validation consistent with policy-controller's convention
- [Vault KMS] don't assume the `transit` path
- [Vault KMS] Support kubernetes authentication when logging in to Vault
- Cannot verify PredicateType `cyclonedx` generated with previous versions of cosign, or vice versa.
- Support signing multiple blobs, producing a single bundle which may verify any of them
- Inappropriate printing to STDOUT
- Expected cosign verify-attestation to validate an attestation of type spdxjson; Got error
- Custom Annotation Support for Attestations
- Docs
- Go not yet supported