Securing Supply Chain

This repo is based from: https://github.com/ThomasVitale/supply-chain-security-java

Verifying policies for signatures and provenance

Verifying the signature on an OCI image

cosign verify \
   --certificate-identity-regexp https://github.com/vincenzo-racca-pa \
   --certificate-oidc-issuer https://token.actions.githubusercontent.com \
   ghcr.io/vincenzo-racca-pa/sec-supply-chain | jq

Verifying the SLSA provenance for an OCI image

IMAGE=ghcr.io/vincenzo-racca-pa/sec-supply-chain
IMAGE="${IMAGE}@"$(crane digest "${IMAGE}")
slsa-verifier verify-image "$IMAGE" \
  --source-uri github.com/vincenzo-racca-pa/sec-supply-chain \
  --print-provenance | jq

Name		Name	Last commit message	Last commit date
Latest commit History 8 Commits
.github/workflows		.github/workflows
.mvn/wrapper		.mvn/wrapper
src		src
.gitignore		.gitignore
Dockerfile		Dockerfile
README.md		README.md
mvnw		mvnw
mvnw.cmd		mvnw.cmd
pom.xml		pom.xml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

Securing Supply Chain

Verifying policies for signatures and provenance

Verifying the signature on an OCI image

Verifying the SLSA provenance for an OCI image

About

Uh oh!

Releases

Packages

Uh oh!

Uh oh!

Languages

vincenzo-racca-pa/sec-supply-chain

Folders and files

Latest commit

History

Repository files navigation

Securing Supply Chain

Verifying policies for signatures and provenance

Verifying the signature on an OCI image

Verifying the SLSA provenance for an OCI image

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Uh oh!

Languages

Packages