#
cosign
Here are 27 public repositories matching this topic...
An admission controller that integrates Container Image Signature Verification into a Kubernetes cluster
docker
kubernetes
security
authentication
container
provenance
integrity
signature-verification
notary
admission-controllers
container-images
docker-content-trust
cosign
sigstore
image-signature
-
Updated
Jul 8, 2022 - Python
This is just a proof-of-concept project that aims to sign and verify container images using cosign and OPA (Open Policy Agent)
-
Updated
Aug 4, 2021 - Go
Example goreleaser + github actions config with keyless signing and SBOM generation
-
Updated
Jul 4, 2022 - Go
marcofranssen
commented
Sep 28, 2021
By implementing a proxying command we can invoke vault cli options via spiffe-vault directly.
e.g.
./spiffe-vault proxy 'vault read transit/keys/cosign'as opposed to running
eval "$(./spiffe-vault auth -role local)"
vault read transit/keys/cosignThis way we will never have to export the token within the current shell.
enhancement
New feature or request
good first issue
Good for newcomers
help wanted
Extra attention is needed
Kubernetes admission webhook that uses cosign verify to check the subject and issuer of the image matches what you expect
-
Updated
Jul 8, 2022 - JavaScript
Stream, Mutate and Sign Images with AWS Lambda and ECR
-
Updated
Oct 28, 2021 - Go
Proof of concept that uses cosign and GitHub's in built OIDC for actions to sign container images, providing a proof that what is in the registry came from your GitHub action.
-
Updated
Jul 1, 2022 - Dockerfile
Docker Registry Authentication Made Simple
-
Updated
Jun 3, 2022 - Go
Example code repo for blog post https://chainguard.dev/posts/2022-01-07-cosign-aws-codepipeline
-
Updated
Jan 25, 2022 - HCL
Sigstore Homebrew Tap
-
Updated
Jul 8, 2022 - Ruby
Sign your artifacts, source code or container images using Sigstore tools, Save the Signatures you want to use, and Validate & Control the deployments to allow only the known Sources based on Signatures, Maintainers & other payloads automatically.
kubernetes
containers
signature
opa
artifacts
gatekeeper
signature-verification
pods
container-security
open-policy-agent
policy-as-code
kubernetes-security
cosign
sigstore
rekor
fulcio
kubernetessecurity
containersecurity
-
Updated
Jun 15, 2022 - Go
A demonstration of how GoReleaser can help us to make software supply chain more secure by using bunch of tools such as cosign, syft, grype, slsa-provenance
-
Updated
Feb 10, 2022 - Go
Remove all the resources from an AWS account.
-
Updated
Apr 27, 2022 - Go
Cosign CircleCI orb. To learn more about cosign visit the GitHub repo
-
Updated
May 30, 2022 - Shell
Bitnami Docker Image for Cosign
-
Updated
Jul 9, 2022 - Dockerfile
This is a Git mirror
docker
dockerfile
docker-compose
gollum
wikijs
podman
podman-compose
meilisearch
goat-counter
cosign
pod-recon
coral-project
-
Updated
May 26, 2022
commit hash is signed using cosign. Signature is written to git object note.
-
Updated
Mar 23, 2021
AWS Pipelines utilizing Cosign to sign and verify containerized images.
golang
aws-lambda
terraform
aws-s3
aws-ecs
aws-codebuild
aws-codepipeline
aws-codecommit
pulumi
cosign
-
Updated
Jun 6, 2022 - HCL
Improve this page
Add a description, image, and links to the cosign topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the cosign topic, visit your repo's landing page and select "manage topics."
If someone were to accidently
zarf init --components=k3stwice (it doesn't have to be back-to-back, just before Zarf destroys the first cluster), weird stuff happens that Zarf doesn't handle in the best way.One of the files that gets copied to the host during the installation of the k3s component is an 'empty-file' that gets placed in the
/root/.kube/config. Since k3s/zarf is already runni