Alternatives and similar repositories for cosign

Users that are interested in cosign are comparing it to the libraries listed below

• google / go-containerregistry
  Go library and CLIs for working with container registries
  ☆3,599Updated this week
• anchore / syft
  CLI tool and library for generating a Software Bill of Materials from container images and filesystems
  ☆7,975Updated this week
• open-policy-agent / conftest
  Write tests against structured configuration data using the Open Policy Agent Rego query language
  ☆3,071Updated last week
• slsa-framework / slsa
  Supply-chain Levels for Software Artifacts
  ☆1,754Updated last week
• falcosecurity / falco
  Cloud Native Runtime Security
  ☆8,395Updated last week
• open-policy-agent / gatekeeper
  🐊 Policy Controller for Kubernetes
  ☆4,061Updated this week
• buildpacks / pack
  CLI for building apps using Cloud Native Buildpacks
  ☆2,835Updated last week
• chainguard-dev / apko
  Build OCI images from APK packages directly without Dockerfile
  ☆1,463Updated this week
• anchore / grype
  A vulnerability scanner for container images and filesystems
  ☆11,030Updated this week
• oras-project / oras
  OCI registry client - managing content like artifacts, images, packages
  ☆2,005Updated this week
• cilium / hubble
  Hubble - Network, Service & Security Observability for Kubernetes using eBPF
  ☆3,988Updated last week
• project-copacetic / copacetic
  🧵 CLI tool for directly patching container images!
  ☆1,480Updated this week
• cilium / tetragon
  eBPF-based Security Observability and Runtime Enforcement
  ☆4,267Updated this week
• spiffe / spire
  The SPIFFE Runtime Environment
  ☆2,120Updated this week
• stackrox / kube-linter
  KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adh…
  ☆3,321Updated this week
• hashicorp / boundary
  Boundary enables identity-based access management for dynamic infrastructure.
  ☆3,965Updated this week
• external-secrets / external-secrets
  External Secrets Operator reads information from a third-party service like AWS Secrets Manager and automatically injects the values as K…
  ☆6,133Updated this week
• Checkmarx / kics
  Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastruct…
  ☆2,514Updated this week
• tellerops / teller
  Cloud native secrets management for developers - never leave your command line for secrets.
  ☆3,151Updated last year
• zegl / kube-score
  Kubernetes object analysis with recommendations for improved reliability and security. kube-score actively prevents downtime and bugs in …
  ☆2,992Updated last week
• smallstep / cli
  🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.
  ☆4,057Updated this week
• notaryproject / notary
  Notary is a project that allows anyone to have trust over arbitrary collections of data
  ☆3,285Updated last year
• FairwindsOps / polaris
  Validation of best practices in your Kubernetes clusters
  ☆3,325Updated this week
• tenable / terrascan
  Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
  ☆5,194Updated 3 months ago
• sigstore / rekor
  Software Supply Chain Transparency Log
  ☆1,027Updated last week
• aquasecurity / tfsec
  Tfsec is now part of Trivy
  ☆6,925Updated last week
• containers / skopeo
  Work with remote images registries - retrieving information, images, signing content
  ☆10,019Updated last week
• opencost / opencost
  Cost monitoring for Kubernetes workloads and cloud costs
  ☆6,171Updated this week
• pixie-io / pixie
  Instant Kubernetes-Native Application Observability
  ☆6,239Updated last week
• aquasecurity / starboard
  Superseded by https://github.com/aquasecurity/trivy-operator
  ☆1,368Updated last week