This is a demo repository showing how to sign container images with Sigstore Cosign, using SignPath.io to hold the signing key and produce the raw signature that Cosign then attaches to the image.
The sample workflow can be viewed at .github/workflows/build-and-sign.yml.
It uses the following artifact configuration XML:
<?xml version="1.0" encoding="utf-8" ?>
<!--
SignPath artifact configuration for the Cosign demo.

The artifact submitted for signing is a zip archive containing one file,
"payload.json" (presumably the Cosign payload for the image; the workflow in
.github/workflows/build-and-sign.yml is not shown here, so confirm there).
SignPath produces a detached raw signature of that file, "payload.json.sig",
next to it. Note that only the bytes of payload.json are covered by the
signature; the zip container itself is not signed.
-->
<artifact-configuration xmlns="http://signpath.io/artifact-configuration/v1">
<!-- Multiple output files (payload and signature) are produced, so a zip-file container must be the root element -->
<zip-file>
<file path="payload.json">
<!--
Supported hash algorithms are "sha256", "sha384" and "sha512".
"rsa-padding" must be provided for RSA keys. Allowed values are "pkcs1" and "pss".

Security note: "pkcs1" is RSASSA-PKCS1-v1_5 padding, which is legacy; "pss" is the
modern, provably secure scheme and should be preferred where the verifier supports it.
It is kept as "pkcs1" here on the assumption that the Cosign verify step expects
PKCS#1 v1.5 for RSA keys (TODO confirm against the workflow's cosign invocation
before switching to "pss"; the padding must match on both sides or verification fails).
-->
<create-raw-signature hash-algorithm="sha256" rsa-padding="pkcs1" file-name="payload.json.sig"/>
</file>
</zip-file>
</artifact-configuration>