Software, services, and proposals I’m tracking for supply chain security.
certstrap — Certificate signing and key management
https://github.com/square/certstrap
cosign — Container Signing
https://github.com/sigstore/cosign
Simple tool for signing and verifying containers. Can also be used for other types of data.
Basic Usage:
# Generate a key pair
$ cosign generate-key-pair
# Sign an image
$ cosign sign --key cosign.key <image>
# Verify a signature
$ cosign verify --key cosign.pub <image>
https://github.com/sigstore/rekor