commit hash is signed using cosign. Signature is written to git object note.

This is just a proof-of-concept project that aims to sign and verify container images using cosign and OPA (Open Policy Agent)

Stream, Mutate and Sign Images with AWS Lambda and ECR

Example code repo for blog post https://chainguard.dev/posts/2022-01-07-cosign-aws-codepipeline

A demonstration of how GoReleaser can help us to make software supply chain more secure by using bunch of tools such as cosign, syft, grype, slsa-provenance

Container Image Signing & Verifying on Ethereum [Testnet]

Supply Chain Security does not need to be difficult

Docker image for Cosign using alpine linux as base image.

AWS Pipelines utilizing Cosign to sign and verify containerized images.

Pumped Kaniko Container Image for Continuous Integration

Use cosign to secure your container images using Github actions

A demo repository that demonstrates you can use cosign to verify the integrity of the Helm charts stored as OCI Artifacts reconciled with Flux

Proof of concept that uses cosign and GitHub's in built OIDC for actions to sign container images, providing a proof that what is in the registry came from your GitHub action.

A how-to guide for testing cosign on Google Kubernetes Engine.

Demo to showcase how to build a golang application using ko. Sign and push the image to the container registry using https://sigstore.dev. Apply policy controller on Kubernetes to allow only signed images.

Custom Google Cloud Build step to crate a Software Bill of Materials (SBOM) and Binary Authorization attestation.

Deterministic container hashes and container signing using Cosign, Kaniko and Google Cloud Build

A Multi-Featured Light Kubernetes command-line tool

Cosign CircleCI orb. To learn more about cosign visit the GitHub repo

Sign your artifacts, source code or container images using Sigstore tools, Save the Signatures you want to use, and Validate & Control the deployments to allow only the known Sources based on Signatures, Maintainers & other payloads automatically.