-
We've got a lot of bundle versions floating out there. Well, really just two. But soon, there will be three!
What do y'all think about a CLI to "upgrade" a bundle to the latest version? The conv…
-
**Description**
_I've filed similar issues under Cosign and Rekor. I realise there's a lot of overlap in maintainers, but wanted to make sure that we discuss each project that we plan to touch. Apo…
-
Sign `nupkg`, `dll`, `psm1` files and possibly other artifacts.
-
**Description**
Support for uploading a certificate chain, not just a leaf certificate, was added a while ago (https://github.com/sigstore/rekor/pull/747). I don't recall if there was a specific…
-
See https://github.com/sigstore/fulcio/blob/main/pkg/server/error.go#L42, all request errors are logged as errors regardless of if it's due to the user (4xx) or server (429, 5xx). This leads to a lot …
-
**Description**
Hey Cosign folks! Recently, @woodruffw and I have been working on a conformance testing suite for Sigstore clients. At the moment, it just does a basic sign/verify test along the ha…
-
**Description**
Copied from #152 in sigstore/sigstore-website
Currently, the docs shown on the sigstore.dev website are of the latest iteration of the docs only.
It would be nice and probably c…
-
**Description**
Due to a series of unfortunate events the field name that points to Transparency Log (aka, Rekor) is incorrectly / confusingly called CTLog:
https://github.com/sigstore/policy-cont…
-
I know there's been a fair amount of work on GitLab integration and CI/CD which is great, but I'd like to know if there's anything that can be configured if I can retrieve a JWT token myself?
I have…
-
GitHub has partnered with the OpenSSF and Project Sigstore to add container image signing to our default “Publish Docker Container” workflow.
Source: https://github.blog/2021-12-06-safeguard-contai…