The Airgap Native Packager Manager for Kubernetes

Common go library shared across sigstore services and clients

Remove all the resources from an AWS account

An admission controller that integrates Container Image Signature Verification into a Kubernetes cluster

Cosign Github Action

sigstore the hard way!

🔮 ✈️ to integrate OPA Gatekeeper's new ExternalData feature with cosign to determine whether the images are valid by verifying their signatures

Compage - Low-Code Framework to develop Rest API, gRPC, dRPC, GraphQL, WebAssembly, microservices, FaaS, Temporal workloads, IoT and edge services, K8s controllers, K8s CRDs, K8s custom APIs, K8s Operators, K8s hooks, etc. with minimal coding and by automatically applying best practice methods like software supply chain security measures, SBOM, …

Import Helm Charts to OCI registries, optionally with vulnerability patching

This is just a proof-of-concept project that aims to sign and verify container images using cosign and OPA (Open Policy Agent)

Integrates Spiffe and Vault to have secretless authentication

Example goreleaser + github actions config with keyless signing, SBOM generation, and attestations

Sigstore Homebrew Tap

Google Container Analysis data import utility, supports OSS vulnerability scanner reports, SLSA provenance and sigstore attestations.

batCAVE Omnibus

Sign your artifacts, source code or container images using Sigstore tools, Save the Signatures you want to use, and Validate & Control the deployments to allow only the known Sources based on Signatures, Maintainers & other payloads automatically.

Example code repo for blog post https://chainguard.dev/posts/2022-01-07-cosign-aws-codepipeline

This GitHub Action use kaniko and Amazon Linux container with nitro-cli to build a reproducible AWS Nitro Enclaves EIF file and its information.

Cosign CircleCI orb. To learn more about cosign visit the GitHub repo

Docker Registry Authentication Made Simple