Kernel-enforced agent sandbox. Capability-based isolation with secure key management, atomic rollback, cryptographic immutable audit chain of provenance. Run your agents in a zero-trust environment.
Updated Apr 4, 2026 - Rust
An admission controller that integrates Container Image Signature Verification into a Kubernetes cluster
Supply chain security for ML
Enabling Software Supply Chain Security Capabilities in ArgoCD
A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.
The Anti-Virus for AI Artifacts & RAG Firewall. A static analysis tool scanning Models and Notebooks for RCE, Datasets and RAG docs for Data Poisoning, PII, and Prompt Injections. Secure your AI Supply Chain.
PDF signing utility supporting GPG and Sigstore (Google, GitHub, Microsoft accounts / keyless OIDC) signatures, multi-party signing, making it easy to sign and verify documents without heavyweight PDF signing stacks, making your PDFs authentic, tamper-proof, fully compatible with regular readers; all while costing zero-dollars to use.
Example goreleaser + github actions config with keyless signing, SBOM generation, and attestations
🔴🟡🟢 The Amazing Multipurpose Policy Engine (and L)
🔍 Rekor transparency log monitoring and alerting
Kubernetes admission webhook that uses cosign verify to check the subject and issuer of the image matches what you expect
Software signing just got easier
Transparently Immutable Container Image Tags