-
Hi there
I happened to notice your cleanup task. It seems to be using a variant of the sigstore that I don't think it accounts for in the ghcr-cleanup-action.
deleting package id: 147574249 dige…
-
**Description**
We can develop kubectl plugin of cosign which makes it easier to use cosign for Kubernetes people. We can simply spin up pods in Kubernetes that are using cosign in a container, eve…
-
### Problem
Cosign's module dependencies are pretty heavy.
Its [go.mod](https://github.com/sigstore/cosign/blob/f005e25466c3b6954546b718ce3a56d0efd6ec2b/go.mod) currently transitively depends on…
-
**Description**
I have a GitHub Action that builds and signs an image and pushes it to GHCR and DockerHub. I verify the signatures in the same action. The verification for the image happens instant…
-
**What is the problem you're trying to solve?.**
As of https://github.com/runfinch/finch/commit/84c2634b7c1226ba9746d0cda4d22ec571454160, the Finch OS image includes Cosign by default to support sign…
-
SPIRE depends on the `github.com/sigstore/rekor` Go module for using Rekor APIs. This causes some maintenance-related challenges with dependency management because that project is designed to provide …
-
https://github.com/sigstore/cosign
-
This issue is meant to capture what integrations between cosign/keyless signatures/rekor and RPMs are desired by the community. Some of these may eventually become enhancement requests either in this …
-
### Description
It would be great if support for signing images with cosign was added to the plugin.
https://github.com/sigstore/cosign/blob/main/KEYLESS.md
### Info
https://github.com/sigst…
-
**Description**
Different parts of code use different libraries for JSON canonicalization.
**Examples:**
https://github.com/sigstore/sigstore-rs/blob/d5ba303182318495a081d1c4ad50d5c27be015cc/…