-
**Description**
Today Chainguard makes extensive use of Sigstore, and has long had its own OIDC issuer (the fake used in this repo is derived from the skeleton of our original issuer).
We leak …
-
Just filing this for tracking purposes: https://github.com/sigstore/fulcio/pull/945 will change Fulcio's certificate extensions to make them more generic, avoiding unnecessary references to implementa…
-
**Describe the problem/challenge you have**
Having the ability to authenticate the entity that created the container image is a good security practice to prevent malicious / unexpected images to be…
-
### Is there an existing issue for this?
- [X] I have searched the existing issues
### What did you expect to happen?
Images should have identical digests no matter what region I pull from.
…
-
**Description**
In today's community meeting, we discussed two ways of supporting new IDPs:
* Integrating with Dex
* Adding the IDP directly to Fulcio's OIDC issuer config list
We need to dete…
-
**Description**
**Problem**
Currently you can call `cosign verify --certificate-chain` with a file that contains a single CA root certificate and possibly related intermediate certificates. Howev…
-
**Description**
The sigstore/sigstore TUF client has been updated to support the ["TSA" usage type](https://github.com/sigstore/sigstore/blob/364b1acc28de3ea95178e82d0b365036d60c6eb1/pkg/tuf/us…
-
When trying to sign docker image in github action via cosign, the following error breaks the build:
main.go:74: error during command execution: signing [ghcr.io/hvl71/simple-python-app-codespaces-v…
hvl71 updated
4 months ago
-
**Description**
It would be useful if sigstore-python had a user-agent in all requests:
- [x] fulcio client (#1008)
- [x] rekor client (#1008)
- [x] tuf client (https://github.com/sigstore/si…
-
Follow-up from https://github.com/sigstore/sigstore-python/pull/323#discussion_r1034822945: the various CLI options that control the Fulcio and Rekor instance state aren't "all or nothing," meaning th…