Batuhan Apaydın
Signed-off-by: Batuhan Apaydın cc: @wagoodman
**What would you like to be added**: **Why is this needed**: ArtifactHub has a new feature called Container images repositories. I would like to add Syft container image to ArtifactHub...
Signed-off-by: Batuhan Apaydın
**What would you like to be added**: We (w/@dentrax) encountered the following error when we export an OCI layout into a directory with skopeo tool: ```sh $ skopeo copy docker://docker.io/alpin:3.16...
**What would you like to be added**: cosign supports attaching SBOMs to OCI registries[^1] (also has a spec for it [^2]), so we (w/@dentrax) thought that it would be nice...
https://github.com/goreleaser/supply-chain-example
Where cosign shines is storing signatures and attestations in a transparency log server called Rekor without requiring public/private key pairs. It provides a publicly auditable software supply chain for people who...
in-toto attestation is a record format for defining your software supply chain based on JSON documents. You can find the official repository [here](https://github.com/in-toto/attestation). In [cosign](https://github.com/sigstore/cosign), we worked on...
Hi, we (w/@dentrax) thought that it'd be nice to add the ability to sign Rego policies before pushing them to the OCI registry by using the `cosign`[^1] project under the...
This issue is based on the conversation in Slack: https://openpolicyagent.slack.com/archives/CDTN970AX/p1628080547007600 Let's assume that I'm a Kubernetes Administrator and I want to enforce some organizational policies across Kubernetes environments. But before...