-
**Description**
We are working on adding support to cosign for trusted roots (#3700) and the protobuf bundle format (#3139).
For folks who have previously signed disparate content, it could be helpf…
-
### Is your feature request related to a problem? Please describe.
As Kay I want to have Sigstore integrated with Keycloak so that I can sign images, git commits and more without needing to manage …
-
https://github.com/sigstore/cosign/issues/2434 proposes adding "conformance testing" to Cosign ([previously implemented in sigstore-python](https://github.com/sigstore/sigstore-python/pull/298)).
…
-
Presently, there is no proposed Attestation for recording metadata about source code that developers may have written. For example, the [Datadog Agent Integrations](https://www.datadoghq.com/blog/engi…
-
**Description**
This is a request to add [eduGAIN](https://edugain.org/) to the trusted IdP list. eduGAIN provides an interface to access over 70+ identity federations around the world. This wi…
-
It would be great to have working keyless support in connaisseur.
We made a strong effort to establish a system to rollout your own instance of fulcio and rekor (look at ). This is a project for eu…
-
**Support keyless Signature verification using only Root certificate**
**Use case Description:**
1. A company has a private CA which is being used to sign the artifacts.
2. Private CA genera…
-
**Description**
*@tetsuo-cpp filed similar issues under Cosign and Rekor. We realise there's a lot of overlap in maintainers, but wanted to make sure that we discuss each project that we plan to to…
-
Investigate if/how the Windows exe can be digitally signed for free using sigstore/fulcio
https://github.com/sigstore/fulcio
https://docs.sigstore.dev/fulcio/overview
https://github.com/sigstore/…
-
**Description**
The documentation website appears to be solely focused on the user's perspective, rather than also incorporating the developer's viewpoint as well. Although there is a Swagger docum…