notaryproject / notation-action
GitHub Actions for signing and verifying artifacts with Notation
☆16Updated this week
Related projects: ⓘ
- A collection of libraries for supporting sign and verify OCI artifacts. Based on Notary Project specifications.☆37Updated this week
- A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.☆55Updated this week
- Cross tooling and interoperability specifications☆155Updated last week
- Helm charts for sigstore project☆64Updated last week
- Go library for Sigstore signing and verification☆43Updated this week
- The Porter Operator gives you a native, integrated experience for managing your bundles from Kubernetes. It is the recommended way to aut…☆31Updated this week
- ☆61Updated 4 months ago
- Go implementation for CNAB content trust verification using TUF, Notary, and in-toto☆31Updated last year
- OCI Working Group: Reference Types☆23Updated 2 years ago
- Container image provenance spec that allows tracing CVEs detected in registry images back to a CVE's source of origin.☆40Updated 10 months ago
- Integrates Spiffe and Vault to have secretless authentication☆82Updated last week
- 🔍 Rekor transparency log monitoring and alerting☆26Updated 11 months ago
- A CLI used to work with the Wolfi OSS project☆53Updated this week
- Like tar, but for containers!☆45Updated 7 months ago
- Contains support for Notary Project signature envelope, and format specific implementation☆14Updated this week
- TUF repository for Sigstore trust root☆84Updated this week
- Stuff to make standing up sigstore (esp. for testing) easier for e2e/integration testing.☆57Updated this week
- Container Storage Interface components for SPIFFE☆53Updated last month
- ORAS (OCI registry as storage) container storage interface☆15Updated 3 months ago
- Log monitor for Rekor to verify immutability and monitor entries☆24Updated this week
- Sigstore Policy Controller - an admission controller that can be used to enforce policy on a Kubernetes cluster based on verifiable supp…☆123Updated last week
- Multi-cluster core☆74Updated last week
- Set up your GitHub Actions workflow with a specific version of ORAS☆13Updated this week
- Kubernetes KMS implementation☆19Updated last week
- Tool to scan a container image's rootfs☆12Updated 10 months ago
- Sigstore user stories☆29Updated last year
- A Go implementation of in-toto. in-toto is a framework to protect software supply chain integrity.☆128Updated this week
- OCI viewer☆15Updated 3 months ago
- Trivy plugin for OCI referrers☆20Updated 4 months ago
- 🔮 ✈️ to integrate OPA Gatekeeper's new ExternalData feature with cosign to determine whether the images are valid by verifying their sig…☆75Updated 5 months ago