-
**Description**
This is something [we automated w/ smallstep's step-cli tool](https://github.com/sigstore/fulcio/issues/1178#issuecomment-1670493071), but I've been playing with the [smallstep …
-
**Is your feature request related to a problem? Please describe.**
I would like to use [generator_container_slsa3](https://github.com/slsa-framework/slsa-github-generator/blob/main/.github/workflows/…
-
### Is your feature request related to a problem? Please describe.
Preserving supply chain integrity when moving artifacts downloaded from the Internet into an air-gapped environment is very challe…
-
Fulcio is in a good position to record the public keys of the OIDC identity providers in a (separate?) transparency log. This would be nice to have for historical reasons.
-
**Description**
Some use-cases involve standing up a private instance of the Sigstore stack as users do not want to upload private data to the public good instance (PGI). For these cases, we need t…
-
Hi. Thank you for gitsign! As far as I can tell, gitsign does not support non-interactive usage but only the keyless mode, right? If so, this is a feature request to support non-keyless mode. My u…
-
It would be useful to support private PKI.
- Private sigstore instances (#3607)
- Private keys obtained from vault or something else? (#326)
-
**Description**
Currently, sigstore-java is all-in-one, so users can't select the bits they need, and the dependency surface might become an issue.
For instance, generating Sigstore Bundle requi…
-
I need to have pushed image digest so it can be signed with [cosign](https://github.com/sigstore/cosign).
Example action step:
```
- name: Sign the published Docker image
  if: ${{ git…
```
-
Sometimes we will want to validate on a public key, rather than the [SAN](https://github.com/seedwing-io/seedwing-policy/blob/main/seedwing-policy-server/policy/mycorp/policies.dog#L89) in an x509 cer…