"topic:sigstore" — Search

101 results for “topic:sigstore”

Kernel-enforced agent sandbox and agent security CLI and SDKs. Capability-based isolation with secure key management, atomic rollback, cryptographic immutable audit chain of provenance. Run your agents in a zero-trust environment.

Rust1.2k87Updated just now

agent-sandboxagent-securityai-agent-sandboxai-agent-securityai-agentsai-securityai-security-toolcode-executionllm-sandboxllm-securitymcpmcp-securityprompt-injectionruntime-securitysecuritysigstoresupply-chain-securityzero-trust

sigstore/gitsign

Keyless Git signing using Sigstore

Go1.1k73Updated 2 hours ago

gitsigningsigstore

sigstore/sigstore

Common go library shared across sigstore services and clients

Go505151Updated 4 days ago

cosigngogolangsecuritysigstoresupply-chain

sse-secure-systems/connaisseur

An admission controller that integrates Container Image Signature Verification into a Kubernetes cluster

Go47162Updated 5 hours ago

admission-controllersauthenticationcontainercontainer-imagescosigndockerdocker-content-trustimage-signatureintegritykubernetesnotaryprovenancesecuritysignature-verificationsigstore

sigstore/model-transparency

Supply chain security for ML

Python22560Updated 4 hours ago

machine-learningsecuritysigstoresupply-chain

sigstore/sigstore-rs

An experimental Rust crate for sigstore

Rust22470Updated 6 days ago

rust-langrust-librariessigstore

stacklok/sigstore-the-hard-way

sigstore the hard way!

11825Updated 7 months ago

cosignsigstore

argoproj-labs/argocd-interlace

Enabling Software Supply Chain Security Capabilities in ArgoCD

Go9210Updated 3 years ago

argocdin-totosigstoresoftware-supply-chain-security

sigstore/sigstore-go

Go library for Sigstore signing and verification

Go8747Updated 2 days ago

gogolangsigstore

sigstore/cosign-gatekeeper-providerArchived

🔮 ✈️ to integrate OPA Gatekeeper's new ExternalData feature with cosign to determine whether the images are valid by verifying their signatures

Go7922Updated 3 months ago

cosignfulciogatekeeperkeylessoparekorsigstore

kubernetes-sigs/tejolote

A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.

Go7212Updated 3 hours ago

attestationprovenancesbomsigstoreslsa

arsbr/Veritensor

The Anti-Virus for AI Artifacts & RAG Firewall. A static analysis tool scanning Models and Notebooks for RCE, Datasets and RAG docs for Data Poisoning, PII, and Prompt Injections. Secure your AI Supply Chain.

Python694Updated 18 hours ago

ai-securityci-cdcosigndata-securitydevsecopsgenerative-aihuggingfacejupyter-notebookllm-securitymachine-learning-securitymlopspickle-securitypii-detectionprompt-injectionpytorchrag-securitysbomsigstorestatic-analysissupply-chain-security

sigstore/helm-sigstore

Plugin for Helm to integrate the sigstore ecosystem

Go6814Updated 4 days ago

helmsigstore

0x77dev/pdf-sign

PDF signing utility supporting GPG and Sigstore (Google, GitHub, Microsoft accounts / keyless OIDC) signatures, multi-party signing, making it easy to sign and verify documents without heavyweight PDF signing stacks, making your PDFs authentic, tamper-proof, fully compatible with regular readers; all while costing zero-dollars to use.

Rust684Updated 3 hours ago

digital-signaturedocument-signingfulciognupggpggpg-agentnixoidcopenpgppdfpdf-signingpgprekorrustsequoia-pgpsigstoresmartcardyubikey

goreleaser/example-supply-chain

Example goreleaser + github actions config with keyless signing, SBOM generation, and attestations

Go6011Updated 6 days ago

attestationscosigngogolanggoreleasersbomsigningsigstoreslsaslsa-provenancesoftware-bill-of-materialssupply-chainsyft

carabiner-dev/ampel

🔴🟡🟢 The Amazing Multipurpose Policy Engine (and L)

Go4010Updated 9 hours ago

actionsattestationattestationscelintotopolicysigstoresupply-chainsupply-chain-security

nsmith5/rekor-sidekick

🔍 Rekor transparency log monitoring and alerting

Go276Updated 2 years ago

openpolicyagentrekorsigstore

appvia/cosign-keyless-admission-webhook

Kubernetes admission webhook that uses cosign verify to check the subject and issuer of the image matches what you expect

JavaScript241Updated 1 month ago

container-securitycosignhacktoberfestkuberneteskubernetes-admission-webhookoidcsigstore

rewanthtammana/sigstore-the-easy-way

Software signing just got easier

HTML203Updated 2 years ago

guidesigstoresoftware-supply-chain-security

chainguard-dev/tlogistryArchived

Transparenty Immutable Container Image Tags

Go202Updated 2 years ago

container-imagesigstoretransparency-log

martinbaillie/ocistow

Stream, Mutate and Sign Images with AWS Lambda and ECR

Go201Updated 4 years ago

awsaws-lambdacosigndockerecrocisigstoreslsasupplychain

sigstore/sigstore-go-archivedArchived

Go library for Sigstore signing and verification

Go179Updated 2 years ago

gogolangsigstore

sigstore/sigstore-a2a

Sigstore A2A Agent Signing

Python164Updated 2 days ago

agentcryptographysecuritysigstore

ThomasVitale/supply-chain-security-javaArchived

Samples showing how to secure the supply chain for Java applications.

Java145Updated 1 month ago

cyclonedxjavasbomsigstoreslsasupply-chain-security

chrisns/cosign-keyless-demoArchived

Proof of concept that uses cosign and GitHub's in built OIDC for actions to sign container images, providing a proof that what is in the registry came from your GitHub action.

Dockerfile140Updated 3 years ago

containercosigngithubgithub-actionhacktoberfestoidcproof-of-conceptsigstore

albasystems/hello-slsa

Project that demonstrates the implementation of SLSA L3 with Github Workflows and Sigstore. Bonus: binary authorization with Kyverno.

CUE131Updated 2 years ago

kyvernosigstoreslsa

sigstore/sigstore-conformance

Conformance testing for Sigstore clients

Python1318Updated 6 days ago

conformancesigstoretests

always-further/agent-sign

Provide full security provenance and agent attestations from source to runtime

Shell130Updated 2 days ago

actionsagentaiattestationnonoprovenancesandboxsecuritysigstore

kube-tarian/sigrun

Sign your artifacts, source code or container images using Sigstore tools, Save the Signatures you want to use, and Validate & Control the deployments to allow only the known Sources based on Signatures, Maintainers & other payloads automatically.

Go123Updated 2 years ago

artifactscontainer-securitycontainerscontainersecuritycosignfulciogatekeeperkuberneteskubernetes-securitykubernetessecurityopaopen-policy-agentpodspolicy-as-coderekorsignaturesignature-verificationsigstore

GoogleCloudPlatform/aactlArchived

Google Container Analysis data import utility, supports OSS vulnerability scanner reports, SLSA provenance and sigstore attestations.

Go128Updated 3 months ago

artifactattestationsbuildcontainercosigngcbgcpimportpredicatesbomsigstoreslsa

Page 1 of 4