-
**Description**
I'm making an executive decision to remove delegations until a further root-signing event. The reasoning is that there are many issues in using delegations practically and we are st…
asraa updated
2 weeks ago
-
**Description**
Now that NIST has [announced](https://www.nist.gov/news-events/news/2022/07/nist-announces-first-four-quantum-resistant-cryptographic-algorithms) the first few quantum-resistant cry…
-
(This is written about GitHub so we have a specific example, but applies to all future CI/CD providers!)
Right now, you need to deal with a menagerie of flags to verify GitHub actions workflows (`c…
-
### Contributing guidelines
- [X] I've read the [contributing guidelines](https://github.com/docker/build-push-action/blob/master/.github/CONTRIBUTING.md) and wholeheartedly agree
### I've found…
-
**Description**
See https://github.com/sigstore/sigstore-go/blob/main/pkg/fulcio/certificate/summarize.go#L64
- [ ] Support OtherName, used by Fulcio for user names in certificates (not curr…
-
**Describe the bug**
I am following the instructions [for using generator_generic_slsa3](https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/generic/README.md) to gene…
-
Hi guys👋,
We are currently in the process of setting up my own sigstore with scaffold.
As our oidc issuer we want to use a custom application in Azure Entra ID.
In entra id you have to set up c…
-
## Background
Sigstore created a common format in [sigstore/protobuf-specs](https://github.com/sigstore/protobuf-specs/blob/main/protos/sigstore_bundle.proto) for the output from Sigstore clients. …
-
### Is your feature request related to a problem? Please describe.
As Kay I want to have Sigstore integrated with Keycloak so that I can sign images, git commits and more without needing to manage …
-
**Description**
As language package managers (PyPI, Ruby Gems, etc) begin to adopt sigstore for signing their packages we may want a generic type that represents a "package.
The initial thought …