🔮 ✈️ to integrate OPA Gatekeeper's new ExternalData feature with cosign to determine whether the images are valid by verifying their signatures

PDF signing utility supporting GPG and Sigstore (Google, GitHub, Microsoft accounts / keyless OIDC) signatures, multi-party signing, making it easy to sign and verify documents without heavyweight PDF signing stacks, making your PDFs authentic, tamper-proof, fully compatible with regular readers; all while costing zero-dollars to use.

🔍 Rekor transparency log monitoring and alerting

K8S Operator for Rekor

Sign your artifacts, source code or container images using Sigstore tools, Save the Signatures you want to use, and Validate & Control the deployments to allow only the known Sources based on Signatures, Maintainers & other payloads automatically.

Kubernetes Operator for deploying and managing Sigstore components like Fulcio, Rekor, TSA, and TUF.

OpenALPR-Webhook is a self-hosted web application that accepts Rekor Scout™ POST data allowing longer data retention.

Sigstore Homebrew Tap

A Falco Plugin for Rekor Transparency Log Server

Java PoC code to implement sigstore operations equivalent to "cosign sign-blob"

Verifiable Usage Receipts for AI APIs. Cryptographic proof that your token bill is real. Ed25519 + Fulcio signing, RFC 6962 Merkle proofs, Trillian Tessera log, C2SP witness cosigning, Rekor public anchoring, Rust tokenizer verification. No blockchain.

Supply Chain Security does not need to be difficult

A Rekor crawler and monitor

Rekor ArgoCD Deployment on OpenShift

Cosign is the command-line client of the Sigstore project for signing, verifying, and storing container images, OCI artifacts, blobs, and in-toto attestations.

A minimal Go HTTP server demonstrating keyless image signing with Sigstore (Cosign + Fulcio + Rekor) and GitOps delivery via ArgoCD.

Search Rekor for entries