cosign
cosign copied to clipboard
sigstore
Code signing and transparency for containers and binaries
When I tried to connect my private hashivault to get public-key, I hit below issue. There is no much information in this error. What can I check for debugging? cosign...
**Description** Inspired by @codysoyland's https://github.com/codysoyland/sigstore-bundle-upgrade and building on the upcoming bundle support (https://github.com/sigstore/cosign/issues/3139), it would be great to have utilities to work with or create bundles outside of signing and...
**Description** I'd love to see [OCI image annotations](https://github.com/opencontainers/image-spec/blob/main/annotations.md#pre-defined-annotation-keys) added to the `gcr.io/projectsigstore/cosign` images (including the `-dev` ones). These annotations are useful for people to use manually and for use by...
**Description** I was attempting to install cosign locally on my Fedora 40 macine using the command: `go install github.com/sigstore/cosign/v2/cmd/cosign@latest` And received the following error: ``` pkg/mod/github.com/sigstore/cosign/[email protected]/pkg/cosign/cue/cue.go:19:2: reading cuelang.org/go/go.mod at revision...
#### Summary This PR attempts to address https://github.com/sigstore/cosign/issues/3832 - it will allow generating local signature for an image (when `--upload=false`) by using `--output-signature`/`--output-artifact`/`--output-payload` even when the remote registry is not...
**Question** I use passkeys to identify orgs and users when they sign in to a golang system that I am working on . the system produces artifacts into their GitHub...
Hi, I'm using cosign v2.3.0 to add an SPDX SBOM as an attestation based on locally generated key-value pairs, following the steps described here: https://aquasecurity.github.io/trivy/v0.31.3/docs/attestation/sbom/#sign-with-a-local-key-pair 1. cosign generate-key-pair (generates a...
Attempted to generate a key pair for GitHub (self-hosted enterprise) organization and resulted in a error `422 Invalid request` After attempting to generate keys with the GitHub organization method/option: ```...
Hello, I am trying to use AWS with KMS keys and cosign to sign images. If I understand the code correctly it would appear that when using AWS KMS keys,...
## Summary cosign's `sign*` commands currently output a signature's transparency log index number (as of v2.2.4). As an enhancement, it would be helpful if cosign also output the rekor entry...
