OPA Ecosystem / Integrations / Container Signing, Verification and Storage in an OCI registry

Container Signing, Verification and Storage in an OCI registry

Cosign is a tool for container image signing and verifying maintained under the Project Sigstore in collaboration with the Linux Foundation. Among other features, Cosign supports KMS signing, built-in binary transparency, and timestamping service with Rekor and Kubernetes policy enforcement.

Code & Repos

https://docs.sigstore.dev/cosign/attestation#validate-in-toto-attestations
https://github.com/sigstore/cosign-gatekeeper-provider

Related Software

Cosign in the OPA Ecosystem
- github.com/sigstore/cosign

Inventors

Sigstore in the OPA Ecosystem
- sigstore.dev/

Labels

Category	security
Layer	application

Do you have an OPA-based project or integration to share? Follow these instructions to get it listed or go to the #ecosystem channel in the OPA Slack if you have any questions.