An admission controller that integrates Container Image Signature Verification into a Kubernetes cluster
Enabling Software Supply Chain Security Capabilities in ArgoCD
🔮 ✈️ to integrate OPA Gatekeeper's new ExternalData feature with cosign to determine whether the images are valid by verifying their signatures
A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.
Example GoReleaser + GitHub Actions config with keyless signing, SBOM generation, and attestations
Kubernetes admission webhook that uses cosign verify to check that the subject and issuer of the image match what you expect
Stream, Mutate and Sign Images with AWS Lambda and ECR
Software signing just got easier
Proof of concept that uses cosign and GitHub's built-in OIDC for Actions to sign container images, providing proof that what is in the registry came from your GitHub Action.
Sign your artifacts, source code or container images using Sigstore tools, Save the Signatures you want to use, and Validate & Control the deployments to allow only the known Sources based on Signatur...