sigstore framework
sigstore/sigstore contains common Sigstore code: that is, code shared by infrastructure (e.g., Fulcio and Rekor) and Go language clients (e.g., Cosign and Gitsign).
This library currently provides:
- A signing interface (support for ecdsa, ed25519, rsa, DSSE (in-toto))
- OpenID Connect fulcio client code
- AWS Key Management Service
- Azure Key Vault
- HashiCorp Vault
- Google Cloud Platform Key Management Service
- OpenBao
- OVHcloud KMS (as external plugin)
Fuzzing
The fuzzing tests are within https://github.com/sigstore/sigstore/tree/main/test/fuzz
Security
Should you discover any security issues, please refer to Sigstore's security process.
For container signing, you want cosign.
Members
- cosign ★ PINNED
  Code signing and transparency for containers and binaries
  Go ★ 6.1k 11h ago
- fulcio ★ PINNED
  Sigstore OIDC PKI
  Go ★ 861 2d ago
- rekor ★ PINNED
  Software Supply Chain Transparency Log
  Go ★ 1.2k 1d ago
- sigstore-rs ★ PINNED
  An experimental Rust crate for sigstore
  Rust ★ 233 1d ago
- sigstore-python ★ PINNED
  A Sigstore client written in Python
  Python ★ 324 2d ago
- sigstore-java ★ PINNED
  java clients for sigstore
  Java ★ 76 6d ago
- gitsign
  Keyless Git signing using Sigstore
  Go ★ 1.1k 23h ago
- sigstore
  Common go library shared across sigstore services and clients
  Go ★ 528 1d ago
- model-transparency
  Supply chain security for ML
  Python ★ 237 1d ago
- cosign-installer
  Cosign Github Action
  ★ 202 2d ago
- sigstore-js
  Code-signing for npm packages
  TypeScript ★ 179 1d ago
- policy-controller
  Sigstore Policy Controller - an admission controller that can be used to enforce policy on a Kubernetes cluster based on verifiable supply-chain metadata from cosign
  Go ★ 175 1d ago
- docs
  Sigstore documentation
  HTML ★ 149 2d ago
- timestamp-authority
  RFC3161 Timestamp Authority
  Go ★ 136 23h ago
- root-signing
  TUF repository for Sigstore trust root
  Makefile ★ 129 20h ago
- helm-charts
  Helm charts for sigstore project
  Go Template ★ 92 2d ago
- sigstore-go
  Go library for Sigstore signing and verification
  Go ★ 90 1d ago
- k8s-manifest-sigstore
  kubectl plugin for signing Kubernetes manifest YAML files with sigstore
  Go ★ 88 1mo ago
- scaffolding
  Stuff to make standing up sigstore (esp. for testing) easier for e2e/integration testing.
  Go ★ 83 19h ago
- cosign-gatekeeper-provider ▣
  🔮 ✈️ to integrate OPA Gatekeeper's new ExternalData feature with cosign to determine whether the images are valid by verifying their signatures
  Go ★ 79 6mo ago
- helm-sigstore
  Plugin for Helm to integrate the sigstore ecosystem
  Go ★ 71 20h ago
- gh-action-sigstore-python
  A GitHub Action for sigstore-python
  Python ★ 70 4d ago
- rekor-monitor
  Log monitor for Rekor to verify immutability and monitor entries
  Go ★ 56 1d ago
- community
  General sigstore community repo
  ★ 45 4d ago
- rekor-tiles
  Signature Transparency Log designed for ease of use, low cost, and minimal maintenance
  Go ★ 43 2d ago
- rekor-search-ui
  Search Rekor for entries
  TypeScript ★ 43 3mo ago
- protobuf-specs
  Sigstore's Protocol Buffer specifications
  Makefile ★ 35 3h ago
- friends
  Sigstore user stories
  ★ 32 2y ago
- model-validation-operator
  Kubernetes controller to validate AI models
  Go ★ 29 1d ago
- sigstore-website
  Codebase for sigstore.dev
  Vue ★ 28 22d ago
- sigstore-ruby
  Pure-ruby implementation of sigstore verification
  Ruby ★ 28 5d ago
- sigstore-a2a
  Sigstore A2A Agent Signing
  Python ★ 24 2d ago
- sget ▣
  No description.
  Go ★ 23 3y ago
- sigstore-rust
  Sigstore implemented in Rust for Github v0.3 bundles
  Rust ★ 21 20h ago
- rekor-operator ▣
  K8S Operator for Rekor
  Go ★ 20 3y ago
- sigstore-maven-plugin ▣
  sigstore maven plugin
  Java ★ 19 1y ago
- sget-rs ▣
  sget is a keyless safe script retrieval and execution tool
  Rust ★ 18 4y ago
- sigstore-go-archived ▣
  Go library for Sigstore signing and verification
  Go ★ 17 2y ago
- rekor-server ▣
  Cryptographic, immutable, append only software release ledger.
  Go ★ 13 5y ago
- root-signing-staging
  Staging TUF repository for Sigstore trust root
  ★ 11 1d ago
- sigstore-conformance
  Conformance testing for Sigstore clients
  Python ★ 11 1d ago
- rekorctl ▣
  Rekor swiss army knife
  Go ★ 10 4y ago
- TSC
  sigstore Technical Steering Committee
  ★ 9 1y ago
- sigstore-maven ▣
  sigstore maven plugin
  Java ★ 9 1y ago
- sigstore-git-verifier ▣
  A Github Action to verify that new commits are present in the sigstore transparency log.
  Shell ★ 9 5y ago
- sigstore-devops-tools
  Tools & services used to help in the development flow of sigstore
  Go ★ 8 1d ago
- github-sync
  Pulumi GitHub Sync for sigstore
  Go ★ 8 1d ago
- ruby-sigstore ▣
  Rubygems sigstore signing plugin
  Ruby ★ 8 3y ago
- sigstore-rekor-types
  Python models for Rekor's API types
  Python ★ 7 21h ago
- homebrew-tap
  Sigstore Homebrew Tap
  Ruby ★ 7 2mo ago
- sigstore-blog
  Codebase for blog.sigstore.dev
  CSS ★ 7 1mo ago
- examples ▣
  Repository to store various monitors for upstream release sites
  Python ★ 7 4y ago
- sigstore.github.io ▣
  Rekor website
  Sass ★ 7 4y ago
- architecture-docs ⑂
  Specification of sigstore's architecture in an IETF internet-draft format
  ★ 6 1mo ago
- sigstore-probers
  Probers for sigstore infrastructure
  Go ★ 6 1d ago
- sig-clients
  Home of the clients SIG
  ★ 6 1y ago
- sigstore-project-template
  cookiecutter template for sigstore projects
  ★ 6 3y ago
- terraform-modules
  Terraform modules for Sigstore cloud infrastructure
  HCL ★ 5 11h ago
- .github
  Default community health files for the Sigstore organization.
  ★ 5 5mo ago
- root-signing-practice ▣
  Root TUF Key Signing
  Go ★ 4 5y ago
- sigstore-helm-operator ▣
  Helm based operator for the sigstore project
  Smarty ★ 4 4y ago
- sigstore-installer ▣
  No description.
  ★ 2 3y ago
- sig-public-good-operations
  Home of the public good operations SIG
  ★ 2 3y ago
- fish-food ▣
  No description.
  Lua ★ 1 4y ago
- .allstar ⑂
  .allstar repository configuration
  ★ 0 2y ago
- landscape
  No description.
  ★ 0 4y ago