-
Right now a typical OIDC Issuer config would look like this:
`
"https://keycloak.local/sigstore-realm": {
"IssuerURL": "https://key cloak.local/sigstore-realm",
…
-
## Background
Sigstore created a common format in [sigstore/protobuf-specs](https://github.com/sigstore/protobuf-specs/blob/main/protos/sigstore_bundle.proto) for the output from Sigstore clients. …
-
## Feature Description
Start to sign the published OCI images using a documented identity.
It looks like you are using Google Cloud Build to publish your images, which @dlorenc added support for t…
-
Hi @kommendorkapten :wave:
I'm looking into how to adapt this code into the https://github.com/sigstore/scaffolding repo to fix the [issue](https://github.com/sigstore/scaffolding/issues/1001) aroun…
-
Would like to see about adding a command to sign a model using Sigstore. Does this sound like a feature/workflow we would want integrated into this CLI tool?
font updated
2 months ago
-
### Summary
Hashicorp Terraform requires provider authors use [GPG keys to sign provider binaries](https://developer.hashicorp.com/terraform/tutorials/providers/provider-release-publish), which it …
-
Hey! Thanks for maintaining `rust-tuf` :) I'm [trying this library out] with the Sigstore TUF instance, evaluating if we can replace [`tough`](https://github.com/awslabs/tough) in our Sigstore client.…
-
### Expected Behavior
A signer alternative to pgp (like sigstore in this case) which uses an extension `.sigstore.json` should be able to publish with that extension when doing a maven publish (this …
-
If there's a tool to auto-generate / update documentation based on the doc in the code, that'd be helpful.
@mihaimaruseac @spencerschrock
-
**Description**
[`github.com/sigstore/cosign/pkg/providers`](https://pkg.go.dev/github.com/sigstore/cosign/pkg/providers) provides an interface for OIDC token providers and some common implementati…