Repositories list

• secure-sign-operator

  Public
  Kubernetes Operator for deploying and managing Sigstore components like Fulcio, Rekor, TSA, and TUF.

  certificate-transparencyoperatorsigstore+ 1rekor

  Go

  •

  Apache License 2.0

  •23•7•0•25•Updated Nov 7, 2025Nov 7, 2025

• policy-controller-operator

  Public
  A helm based operator for deploying and managing instances of the sigstore policy controller on kubernetes

  Go

  •

  Apache License 2.0

  •0•0•0•3•Updated Nov 7, 2025Nov 7, 2025

• rekor-monitor

  Public

  securesign/rekor-monitor’s past year of commit activity
  Log monitor for Rekor to verify immutability and monitor entries

  Go

  •

  Apache License 2.0

  •33•0•0•4•Updated Nov 7, 2025Nov 7, 2025

• gitsign

  Public
  Keyless Git signing using Sigstore

  Go

  •

  Apache License 2.0

  •72•0•1•5•Updated Nov 7, 2025Nov 7, 2025

• cosign

  Public

  securesign/cosign’s past year of commit activity
  Container Signing

  Go

  •

  Apache License 2.0

  •649•0•2•5•Updated Nov 7, 2025Nov 7, 2025

• policy-controller

  Public
  Sigstore Policy Controller - an admission controller that can be used to enforce policy on a Kubernetes cluster based on verifiable supply-chain metadata from cosign

  Go

  •

  Other

  •67•0•0•2•Updated Nov 7, 2025Nov 7, 2025

• certificate-transparency-go

  Public

  securesign/certificate-transparency-go’s past year of commit activity
  Auditing for TLS certificates (Go code)

  Go

  •

  Apache License 2.0

  •279•0•0•4•Updated Nov 7, 2025Nov 7, 2025

• rekor

  Public
  Software Supply Chain Transparency Log

  Go

  •

  Apache License 2.0

  •188•0•0•7•Updated Nov 7, 2025Nov 7, 2025

• timestamp-authority

  Public

  securesign/timestamp-authority’s past year of commit activity
  RFC3161 Timestamp Authority

  Go

  •

  Apache License 2.0

  •48•0•0•5•Updated Nov 7, 2025Nov 7, 2025

• fulcio

  Public
  Sigstore OIDC PKI

  Go

  •

  Apache License 2.0

  •160•1•0•5•Updated Nov 7, 2025Nov 7, 2025

• rhtas-console

  Public
  Go

  •

  Apache License 2.0

  •2•1•0•3•Updated Nov 7, 2025Nov 7, 2025

• segment-backup-job

  Public
  Python

  •8•0•0•22•Updated Nov 7, 2025Nov 7, 2025

• artifact-signer-ansible

  Public
  Ansible Collection for RHTAS

  Jinja

  •

  Apache License 2.0

  •6•6•0•10•Updated Nov 7, 2025Nov 7, 2025

• pipelines

  Public
  Red Hat Trusted Artifact Signer's Konflux Build Pipelines

  Dockerfile

  •

  Apache License 2.0

  •3•0•0•3•Updated Nov 6, 2025Nov 6, 2025

• rhtas-console-ui

  Public
  A web-based UI for interacting with the Red Hat Trusted Artifact Signer (TAS) ecosystem. It provides user-friendly workflows for retrieving, verifying, and monitoring signed software artifacts, integrating with Sigstore services like Rekor, Fulcio, and TUF.

  software-supply-chainsigstoresoftware-supply-chain-security

  TypeScript

  •

  Apache License 2.0

  •4•0•1•9•Updated Nov 6, 2025Nov 6, 2025

• sigstore-e2e

  Public
  Go

  •1•0•0•0•Updated Nov 6, 2025Nov 6, 2025

• trillian

  Public
  A transparent, highly scalable and cryptographically verifiable data store.

  Go

  •

  Apache License 2.0

  •415•0•0•12•Updated Nov 6, 2025Nov 6, 2025

• rekor-search-ui

  Public
  Search Rekor for entries

  transparency-logrekorsecure-supply-chain

  TypeScript

  •

  Apache License 2.0

  •33•0•0•9•Updated Nov 6, 2025Nov 6, 2025

• model-validation-operator

  Public
  Kubernetes controller to validate AI models

  Go

  •

  Apache License 2.0

  •8•0•0•5•Updated Nov 6, 2025Nov 6, 2025

• model-transparency

  Public
  Supply chain security for ML

  Python

  •

  Apache License 2.0

  •52•0•0•2•Updated Nov 6, 2025Nov 6, 2025

• fbc

  Public
  File-based Catalogs

  Shell

  •

  Apache License 2.0

  •7•0•1•6•Updated Nov 5, 2025Nov 5, 2025

• tough

  Public

  securesign/tough’s past year of commit activity
  Rust libraries and tools for using and generating TUF repositories

  Rust

  •64•0•0•6•Updated Nov 4, 2025Nov 4, 2025

• structural-tests

  Public

  securesign/structural-tests’s past year of commit activity
  Securesign project structural and acceptance tests

  Go

  •

  Apache License 2.0

  •0•0•0•0•Updated Oct 23, 2025Oct 23, 2025

• trusted-foundations

  Public
  open-sourcesupply-chain-securitysigstore

  MDX

  •

  Apache License 2.0

  •0•2•0•5•Updated Oct 20, 2025Oct 20, 2025

• sigstore-python

  Public
  A Sigstore client written in Python

  Python

  •

  Other

  •63•0•0•0•Updated Aug 19, 2025Aug 19, 2025

• renovate-config

  Public

  securesign/renovate-config’s past year of commit activity
  0•0•0•1•Updated Jul 22, 2025Jul 22, 2025

• quickstarts

  Public
  Red Hat Trusted Artifact Signer's quickstarts

  Makefile

  •

  Apache License 2.0

  •0•2•0•0•Updated Jul 17, 2025Jul 17, 2025

• actions

  Public

  securesign/actions’s past year of commit activity
  A Github repo that stores all of securesigns reusable Github actions.

  3•0•0•0•Updated Apr 25, 2025Apr 25, 2025

• scaffolding

  Public archive
  Stuff to make standing up sigstore (esp. for testing) easier for e2e/integration testing.

  HCL

  •

  Apache License 2.0

  •63•0•0•18•Updated Apr 3, 2025Apr 3, 2025

• demo-resources

  Public
  OpenShift resources to use when demoing or testing out RHTAS

  Apache License 2.0

  •0•0•0•0•Updated Apr 1, 2025Apr 1, 2025