-
## Summary
cosign's `sign*` commands currently output a signature's transparency log index number (as of v2.2.4). As an enhancement, it would be helpful if cosign also output the rekor entry ID.
…
-
Following up from https://github.com/sigstore/sigstore-go/issues/193#issuecomment-2297158885, we are using the [certificate's timestamp to verify itself](https://github.com/sigstore/sigstore-go/blob/d…
-
## Background
Sigstore created a common format in [sigstore/protobuf-specs](https://github.com/sigstore/protobuf-specs/blob/main/protos/sigstore_bundle.proto) for the output from Sigstore clients. …
-
I've noticed that this project is using skopeo to copy images, that's very cool!
Would be great if this project supported validating and copying sigstore signatures as well.
Skopeo utilizes this c…
-
**Is your feature request related to a problem? Please describe.**
At present, the container images being published lack both [docker content trust](https://docs.docker.com/engine/security/trust/) an…
-
**Is your feature request related to a problem? Please describe.**
As a user of Thoth, I would like to make sure releases of thamos are signed so that I can be sure about advises it provides to me.…
-
Add JSON Examples related to key formats described by https://sigstore.dev/
-
**Description**
Just noticed some resource warnings while unittesting. Here's a reproducer for bash on macOS:
```python
$ python -Wdefault from sigstore.oidc import Issuer
> from sigstore.s…
-
SPIRE depends on the `github.com/sigstore/rekor` Go module for using Rekor APIs. This causes some maintenance-related challenges with dependency management because that project is designed to provide …
-
**Description**
[`github.com/sigstore/cosign/cmd/cosign/cli/fulcio/fulcioroots`](https://pkg.go.dev/github.com/sigstore/cosign/cmd/cosign/cli/fulcio/fulcioroots) contains methods to get `x509.CertP…