cosign
cosign copied to clipboard
sigstore
Code signing and transparency for containers and binaries
As a follow on to #1548 @kkavitha and I chatted about some additional checks that we should be doing. For example, we should check the inline data to ensure inline...
Currently, the policy admission controller is able to block admission based on the presence of certain attestations, evaluated against some Cue code. For example, from [here](https://github.com/sigstore/cosign/blob/main/test/testdata/policy-controller/e2e/cip-requires-two-signatures-and-two-attestations.yaml#L15): ```yaml ... policy: type:...
Fixes #648 Fixes #707 Signed-off-by: Furkan Co-authored-by: Batuhan cc @developer-guy
**Description** Integrate a new keychain (via [docker-credential-acr-helper](https://github.com/mozillazg/docker-credential-acr-helper/blob/master/examples/go-containerregistry-auth/main.go#L15)) to support Alibaba Cloud Container Registry.
**Description** It would be great to have a new `resolve` as a sub command of [manifest](https://github.com/sigstore/cosign/blob/master/cmd/cosign/cli/manifest.go). What I want to achieve is that ability to do `kbld -f deployment.yml` but...
**Description** Currently, we only have `--sig-only` flag to copy only image signature. I thought it would be nice to have also `--sbom-only` for copy _SBOM_ and `--sbom-only` for copy _ATT_....
**Description** This is a proposal to discuss the general Sigstore story and functionality around binaries and blobs. Many package managers are planning on adopting Sigstore tooling, especially using keyless mode...
**Description** This will require a change to upstream sigstore/sigstore and then we can call the function to get rekor pubs from sigstore's root. cc @imjasonh @haydentherapper
This is related to our work on `sigstore-python` (https://github.com/sigstore/sigstore-python/issues/108): `--cert-email` is slightly misleading, since what it _really_ does is verify the X.509v3 Subject Alternative Name extension, whatever it happens to...
To fix https://github.com/sigstore/cosign/issues/1899 @asraa submitted https://github.com/sigstore/cosign/pull/1921. @vaikas stepped in to help with tests and adapted it to https://github.com/sigstore/cosign/pull/1932. This appears to fix the bug, and I approved it because this...
