Keyless Git signing using Sigstore
☆1,067Mar 19, 2026Updated this week
Alternatives and similar repositories for gitsign
Users that are interested in gitsign are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Code signing and transparency for containers and binaries☆5,734Updated this week
- Sigstore OIDC PKI☆814Updated this week
- Software Supply Chain Transparency Log☆1,100Updated this week
- Build OCI images from APK packages directly without Dockerfile☆1,573Updated this week
- Sigstore Policy Controller - an admission controller that can be used to enforce policy on a Kubernetes cluster based on verifiable supp…☆162Updated this week
- Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact pro…☆519Mar 17, 2026Updated last week
- A utility to generate SPDX-compliant Bill of Materials manifests☆446Updated this week
- Stuff to make standing up sigstore (esp. for testing) easier for e2e/integration testing.☆75Updated this week
- build APKs from source code☆579Updated this week
- Common go library shared across sigstore services and clients☆503Updated this week
- A reading list for software supply-chain security.☆365Nov 21, 2022Updated 3 years ago
- A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.☆72Updated this week
- Transparenty Immutable Container Image Tags☆20Jul 5, 2023Updated 2 years ago
- Container image registry that serves images built fresh when you ask for them☆239Feb 14, 2025Updated last year
- A security layer for Git repositories☆585Updated this week
- A tool for securing CI/CD workflows with version pinning.☆887Mar 5, 2026Updated 2 weeks ago
- Code-signing for npm packages☆178Updated this week
- Build and deploy Go applications☆8,375Updated this week
- Sigstore user stories☆31Aug 25, 2023Updated 2 years ago
- An admission controller that integrates Container Image Signature Verification into a Kubernetes cluster☆470Mar 18, 2026Updated last week
- Verify provenance from SLSA compliant builders☆313Mar 9, 2026Updated 2 weeks ago
- Supply Chain Security in Tekton Pipelines☆270Updated this week
- A collection of reusable Github Actions workflows.☆159Mar 17, 2026Updated last week
- Dynamic GitHub Actions from Wolfi packages☆44May 15, 2025Updated 10 months ago
- CLI tool and library for generating a Software Bill of Materials from container images and filesystems☆8,541Updated this week
- Main package repository for production Wolfi images☆1,181Mar 18, 2026Updated last week
- sigstore the hard way!☆118Aug 6, 2025Updated 7 months ago
- Language-agnostic SLSA provenance generation for Github Actions☆554Mar 9, 2026Updated 2 weeks ago
- OCI registry client - managing content like artifacts, images, packages☆2,179Updated this week
- The Kubernetes Security Profiles Operator☆838Mar 17, 2026Updated last week
- in-toto is a framework to protect supply chain integrity.☆982Mar 16, 2026Updated last week
- ☆58Jun 1, 2022Updated 3 years ago
- Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, an…☆999Mar 18, 2026Updated last week
- Public Chainguard Images☆664Updated this week
- BadRobot - Operator Security Audit Tool☆226Feb 2, 2026Updated last month
- ☆255Mar 16, 2026Updated last week
- SDLC evidence store and policy engine for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more☆537Updated this week
- A GitHub App that acts like a Security Token Service (STS) for the Github API☆318Mar 18, 2026Updated last week
- Go library and CLIs for working with container registries☆3,784Mar 17, 2026Updated last week