{"id":18657607,"url":"https://github.com/cr0hn/docker-signatures","last_synced_at":"2026-02-09T16:31:13.575Z","repository":{"id":57423322,"uuid":"400801107","full_name":"cr0hn/docker-signatures","owner":"cr0hn","description":"Docker signatures ensure that a Docker Image has all signatures","archived":false,"fork":false,"pushed_at":"2021-08-28T14:05:00.000Z","size":12,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-25T17:08:59.058Z","etag":null,"topics":["docker","docker-security","docker-signatures","docker-trusted-registry"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cr0hn.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-08-28T13:36:05.000Z","updated_at":"2021-09-02T21:29:44.000Z","dependencies_parsed_at":"2022-09-05T11:10:43.943Z","dependency_job_id":null,"html_url":"https://github.com/cr0hn/docker-signatures","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cr0hn%2Fdocker-signatures","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cr0hn%2Fdocker-signatures/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cr0hn%2Fdocker-signatures/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cr0hn%2Fdocker-signatures/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cr0hn","download_url":"https://codeload.github.com/cr0hn/docker-signatures/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248458499,"owners_count":21107088,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","docker-security","docker-signatures","docker-trusted-registry"],"created_at":"2024-11-07T07:29:09.268Z","updated_at":"2026-02-09T16:31:13.541Z","avatar_url":"https://github.com/cr0hn.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Docker-Signatures\n\nDocker signatures ensure that a Docker Image has all required signatures.\n\n# Why\n\nThis project helps you to parse \"Docker trust inspect\" command and checks if all the signatures you need are included in the Docker Image\n\n# Install\n\n```python\n\u003e pip install docker-signatures\n```\n\n# Usage examples\n\n## Checking one signer\n\n```console\n\u003e docker trust inspect --pretty dtr.example.com/admin/demo:1\nSignatures for dtr.example.com/admin/demo:1\n\nSIGNED TAG          DIGEST                                                             SIGNERS\n1                   3d2e482b82608d153a374df3357c0291589a61cc194ec4a9ca2381073a17f58e   jeff\n\nList of signers and their keys for dtr.example.com/admin/demo:1\n\nSIGNER              KEYS\njeff                8ae710e3ba82\n\nAdministrative keys for dtr.example.com/admin/demo:1\n\n  Repository Key:\t10b5e94c916a0977471cc08fa56c1a5679819b2005ba6a257aa78ce76d3a1e27\n  Root Key:\t84ca6e4416416d78c4597e754f38517bea95ab427e5f95871f90d460573071fc\n```\n\nChecking if 'Paul' signature are included in Docker Image:\n\n```console\n\u003e docker trust inspect --pretty dtr.example.com/admin/demo:1 | docker-signatures Paul \n[!] Missing signer: 'Paul'\n\u003e echo $?\n1\n```\n\nChecking if 'jeff' signature are included in Docker Image: \n\n```console\n\u003e docker trust inspect --pretty dtr.example.com/admin/demo:1 | docker-signatures jeff\n\u003e echo $?\n0 \n```\n\n\n\n## Checking any number of signers\n\n```console\n\u003e docker trust inspect --pretty dtr.example.com/admin/demo:1\nSignatures for dtr.example.com/admin/demo:1\n\nSIGNED TAG          DIGEST                                                             SIGNERS\n1                   3d2e482b82608d153a374df3357c0291589a61cc194ec4a9ca2381073a17f58e   jeff\n2                   1111182b82608d153a374df3357c0291589a61cc194ec4a9ca2381073a17f58e   Joan\n\nList of signers and their keys for dtr.example.com/admin/demo:1\n\nSIGNER              KEYS\njeff                8ae710e3ba82\nJoan                8ae710e3bXXX\n\nAdministrative keys for dtr.example.com/admin/demo:1\n\n  Repository Key:\t10b5e94c916a0977471cc08fa56c1a5679819b2005ba6a257aa78ce76d3a1e27\n  Root Key:\t84ca6e4416416d78c4597e754f38517bea95ab427e5f95871f90d460573071fc\n```\n\nChecking that signatures of 'jeff' and 'Joan' are included: \n\n```console\n\u003e docker trust inspect --pretty dtr.example.com/admin/demo:1 | docker-signatures jeff Joan\n\u003e echo $?\n0 \n```\n\n    NOTE: **docker-signatures** also works with JSON output of **docker trust inspect** command.\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcr0hn%2Fdocker-signatures","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcr0hn%2Fdocker-signatures","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcr0hn%2Fdocker-signatures/lists"}