Proof of concept that uses cosign and GitHub's in built OIDC for actions to sign container images, providing a proof that what is in the registry came from your GitHub action.
-
Updated
Jan 31, 2023 - Dockerfile
Proof of concept that uses cosign and GitHub's in built OIDC for actions to sign container images, providing a proof that what is in the registry came from your GitHub action.
[Archived] Blog about kyverno verify images which uses cosign from sigstore under the hood
A guide for setting up Sigstore with Keycloak as an identity provider
Sample CI/CD pipeline for creating container images with provenance details.
Verify Sigstore Gitsign commit signatures
This GitHub Action use kaniko and Amazon Linux container with nitro-cli to build a reproducible AWS Nitro Enclaves EIF file and its information.
An Ansible collection for using Sigstore to verify file signatures
(landing area for upstream contributions and carried patches)
Gitsign plugin for asdf version manager
Stream, Mutate and Sign Images with AWS Lambda and ECR
Add a description, image, and links to the sigstore topic page so that developers can more easily learn about it.
To associate your repository with the sigstore topic, visit your repo's landing page and select "manage topics."