-
**Description**
This is a request to add [eduGAIN](https://edugain.org/) to the trusted IdP list. eduGAIN provides an interface to access over 70+ identity federations around the world. This wi…
-
After reading your `README.md`, the elephant missing is: how do I actually sign my releases using a fulcio-issued code signing certificate for Windows and MacOS?
Context: I maintain an open-source …
-
**Description**
We use cosign to sign images as a part of our release workflow running in Github Actions and starting this week it stopped working with the following error:
`
Error: signing [pu…
-
**Description**
After the migration of OIDC providers to the new configuration in https://github.com/sigstore/fulcio/pull/1743/files
signing from Codefresh is failing when scm_repo_url is not prov…
-
Generate verify-able signed attestations for every artifact made with GitHub Actions.
- https://github.blog/2024-05-02-introducing-artifact-attestations-now-in-public-beta/
- https://github.com/ac…
-
Copying from the doc, from @segiddins: this bullet has some inaccuracies in it:
* The leaf certificate has SANs, not a subject (the subject is empty, since we only use SANs)
* The leaf's SANs shou…
-
Presently, there is no proposed Attestation for recording metadata about source code that developers may have written. For example, the [Datadog Agent Integrations](https://www.datadoghq.com/blog/engi…
-
**Description**
Remove the GitHub TSA as it's not used by anything. It's being removed from the production repo too, see https://github.com/sigstore/root-signing/issues/1268
Add `signing_config.json…
-
**Description**
*@tetsuo-cpp filed similar issues under Cosign and Rekor. We realise there's a lot of overlap in maintainers, but wanted to make sure that we discuss each project that we plan to to…
-
hello!
The attestation action is broken currently for GHE users, it worked yesterday afternoon Central Europe time.
The attestation action works correctly with public sigstore, which makes me thin…