Repositories list

• trillian

  Public
  A transparent, highly scalable and cryptographically verifiable data store.

  Go

  •

  Apache License 2.0

  •427•0•0•27•Updated Feb 4, 2026Feb 4, 2026

• rekor-search-ui

  Public
  Search Rekor for entries

  transparency-logrekorsecure-supply-chain

  TypeScript

  •

  Apache License 2.0

  •35•0•0•14•Updated Feb 4, 2026Feb 4, 2026

• cosign

  Public
  Container Signing

  Go

  •

  Apache License 2.0

  •687•0•2•11•Updated Feb 4, 2026Feb 4, 2026

• rekor

  Public
  Software Supply Chain Transparency Log

  Go

  •

  Apache License 2.0

  •197•0•0•13•Updated Feb 4, 2026Feb 4, 2026

• timestamp-authority

  Public
  RFC3161 Timestamp Authority

  Go

  •

  Apache License 2.0

  •54•0•0•8•Updated Feb 4, 2026Feb 4, 2026

• certificate-transparency-go

  Public
  Auditing for TLS certificates (Go code)

  Go

  •

  Apache License 2.0

  •290•0•0•9•Updated Feb 4, 2026Feb 4, 2026

• gitsign

  Public
  Keyless Git signing using Sigstore

  Go

  •

  Apache License 2.0

  •75•0•1•8•Updated Feb 4, 2026Feb 4, 2026

• fulcio

  Public
  Sigstore OIDC PKI

  Go

  •

  Apache License 2.0

  •168•1•0•6•Updated Feb 4, 2026Feb 4, 2026

• rhtas-console

  Public

  securesign/rhtas-console’s past year of commit activity
  Go

  •

  Apache License 2.0

  •2•1•0•1•Updated Feb 4, 2026Feb 4, 2026

• secure-sign-operator

  Public
  Kubernetes Operator for deploying and managing Sigstore components like Fulcio, Rekor, TSA, and TUF.

  certificate-transparencyoperatorsigstore+ 1rekor

  Go

  •

  Apache License 2.0

  •23•10•0•27•Updated Feb 4, 2026Feb 4, 2026

• policy-controller

  Public
  Sigstore Policy Controller - an admission controller that can be used to enforce policy on a Kubernetes cluster based on verifiable supply-chain metadata from …

  Go

  •

  Other

  •70•0•0•1•Updated Feb 4, 2026Feb 4, 2026

• rekor-monitor

  Public

  securesign/rekor-monitor’s past year of commit activity
  Log monitor for Rekor to verify immutability and monitor entries

  Go

  •

  Apache License 2.0

  •34•0•0•6•Updated Feb 4, 2026Feb 4, 2026

• artifact-signer-ansible

  Public
  Ansible Collection for RHTAS

  Jinja

  •

  Apache License 2.0

  •6•6•0•7•Updated Feb 4, 2026Feb 4, 2026

• segment-backup-job

  Public
  Python

  •8•0•0•19•Updated Feb 4, 2026Feb 4, 2026

• fbc

  Public
  File-based Catalogs

  Shell

  •

  Apache License 2.0

  •7•0•1•6•Updated Feb 3, 2026Feb 3, 2026

• policy-controller-operator

  Public

  securesign/policy-controller-operator’s past year of commit activity
  A helm based operator for deploying and managing instances of the sigstore policy controller on kubernetes

  Go

  •

  Apache License 2.0

  •0•0•0•3•Updated Feb 3, 2026Feb 3, 2026

• model-validation-operator

  Public
  Kubernetes controller to validate AI models

  Go

  •

  Apache License 2.0

  •10•0•0•4•Updated Feb 3, 2026Feb 3, 2026

• quickstarts

  Public
  Red Hat Trusted Artifact Signer's quickstarts

  Makefile

  •

  Apache License 2.0

  •0•2•0•2•Updated Feb 3, 2026Feb 3, 2026

• tough

  Public
  Rust libraries and tools for using and generating TUF repositories

  Rust

  •65•0•0•8•Updated Feb 3, 2026Feb 3, 2026

• pipelines

  Public
  Red Hat Trusted Artifact Signer's Konflux Build Pipelines

  Dockerfile

  •

  Apache License 2.0

  •4•0•0•5•Updated Feb 2, 2026Feb 2, 2026

• rhtas-console-ui

  Public
  A web-based UI for interacting with the Red Hat Trusted Artifact Signer (TAS) ecosystem. It provides user-friendly workflows for retrieving, verifying, and moni…

  software-supply-chainsigstoresoftware-supply-chain-security

  TypeScript

  •

  Apache License 2.0

  •4•0•0•16•Updated Feb 2, 2026Feb 2, 2026

• model-transparency

  Public
  Supply chain security for ML

  Python

  •

  Apache License 2.0

  •58•0•0•2•Updated Feb 2, 2026Feb 2, 2026

• structural-tests

  Public
  Securesign project structural and acceptance tests

  Go

  •

  Apache License 2.0

  •0•0•0•1•Updated Jan 30, 2026Jan 30, 2026

• sigstore-e2e

  Public
  Go

  •1•0•0•0•Updated Jan 23, 2026Jan 23, 2026

• rhtas-benchmark

  Public
  Automated infrastructure and tooling for performance benchmarking and analysis of Red Hat Trusted Artifact Signer (RHTAS).)

  Jinja

  •

  Apache License 2.0

  •0•0•0•0•Updated Nov 26, 2025Nov 26, 2025

• trusted-foundations

  Public
  open-sourcesupply-chain-securitysigstore

  MDX

  •

  Apache License 2.0

  •0•2•0•5•Updated Oct 20, 2025Oct 20, 2025

• sigstore-python

  Public
  A Sigstore client written in Python

  Python

  •

  Other

  •72•0•0•0•Updated Aug 19, 2025Aug 19, 2025

• renovate-config

  Public
  1•0•0•2•Updated Jul 22, 2025Jul 22, 2025

• actions

  Public
  A Github repo that stores all of securesigns reusable Github actions.

  3•0•0•0•Updated Apr 25, 2025Apr 25, 2025

• scaffolding

  Public archive
  Stuff to make standing up sigstore (esp. for testing) easier for e2e/integration testing.

  HCL

  •

  Apache License 2.0

  •63•0•0•18•Updated Apr 3, 2025Apr 3, 2025