{"id":19828814,"url":"https://github.com/kube-tarian/sigrun","last_synced_at":"2025-05-01T14:32:48.735Z","repository":{"id":37887601,"uuid":"382960409","full_name":"kube-tarian/sigrun","owner":"kube-tarian","description":"Sign your artifacts, source code or container images using Sigstore tools, Save the Signatures you want to use, and Validate \u0026 Control the deployments to allow only the known Sources based on Signatures, Maintainers \u0026 other payloads automatically.","archived":false,"fork":false,"pushed_at":"2023-07-30T09:55:33.000Z","size":722,"stargazers_count":12,"open_issues_count":24,"forks_count":3,"subscribers_count":3,"default_branch":"main","last_synced_at":"2024-07-30T19:43:51.812Z","etag":null,"topics":["artifacts","container-security","containers","containersecurity","cosign","fulcio","gatekeeper","kubernetes","kubernetes-security","kubernetessecurity","opa","open-policy-agent","pods","policy-as-code","rekor","signature","signature-verification","sigstore"],"latest_commit_sha":null,"homepage":"https://sigrun.dev","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kube-tarian.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"docs/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-07-04T22:31:58.000Z","updated_at":"2023-12-05T04:22:46.000Z","dependencies_parsed_at":"2023-01-21T12:33:13.511Z","dependency_job_id":null,"html_url":"https://github.com/kube-tarian/sigrun","commit_stats":null,"previous_names":["devopstoday11/sigrun"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kube-tarian%2Fsigrun","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kube-tarian%2Fsigrun/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kube-tarian%2Fsigrun/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kube-tarian%2Fsigrun/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kube-tarian","download_url":"https://codeload.github.com/kube-tarian/sigrun/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":224261931,"owners_count":17282267,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["artifacts","container-security","containers","containersecurity","cosign","fulcio","gatekeeper","kubernetes","kubernetes-security","kubernetessecurity","opa","open-policy-agent","pods","policy-as-code","rekor","signature","signature-verification","sigstore"],"created_at":"2024-11-12T11:16:54.219Z","updated_at":"2024-11-12T11:16:54.317Z","avatar_url":"https://github.com/kube-tarian.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SigRun \u003cimg src=\"/sigrun1.png\" width=\"300\" height=\"300\"\u003e \nSign your artifacts source code or container images using Sigstore chain of tools \u0026 Known Container Image Build tools, Save the Signatures you want to use within your Infra, and Validate \u0026amp; Control the deployments to allow only the known Signatures. Shift-left your supply chain security!\n\u003e What's with the Name (in case if you are curious)?\n\u003e You can think of multiple ways. It has a flexible interpretation, like Signatures for Runtime or Runtime Signatures or Sign Software for Runtime use. Whatever you want to imagine! :smiley: \n#\n\n### Install\n\n##### Dependencies\nBefore installing the application the following dependencies need to be installed:\n1. Kubernetes command line application `kubectl`\n2. Golang version greater than 1.16\n\n```\ngo install cmd/sigrun/sigrun.go\n```\n\n### Usage\n```\nsigrun --help\n```\nPlease refer to [this](./docs/USAGE.md) for information about basic flow.\n\n##### Purpose:\nTo make it easy to use SigStore chain of tools. Make the Supply Chain Security for Software adoption easy. \n#\n##### Usage feasibility:\nLocal, CI/CD pipelines, K8s Clusters, VMs. \n#\n#### Features:\n- Using Sigstore tools in your Infra for Air-Gap offline usage via your CI/CD Pipeline\n- Sign your artifacts, container images, files, packages, etc. automatically along with their sha256 digest creation \u0026 saving into ledger\n- Private \u0026 Public key-pair generator (Cosign, GPG, and more in future) for signing \n- Keyless signing \n- Save your artifacts signatures to certain ledger storage\n- Save your container image signatures to certain ledger storage\n- Validate Signatures using Storage location of Signatures\n- Control deployments to allow only known Signatures using our Custom Admission Controller or OPA/Kyverno/Gatekeeper\n- Vault Integration to save Keys if you prefer to save private key(s) \n- CI/CD Tools integration\n- Integration with tools like Buildpacks, Buildah, Source2Image, Kaniko, Skaffold, Docker Build, Podman, etc. \n- OIDC/Dex embeded for Login \n- Vulnerability Scanning of your container images\n- Integrate with Non-Profit SigStore public services/tools\n- Integrate with Syft for Software Bill of Materials (SBOM) [github.com/anchore/syft]\n- Integrate with Package Hunter by Gitlab [gitlab.com/gitlab-org/security-products/package-hunter]\n- \n\n\n#\n\n## Contributing\nSee [docs/contributing.md](docs/CONTRIBUTING.md)\n\n## Code of Conduct\nSee [CODE_OF_CONDUCT.md](CODE_OF_CONDUCT.md)\n\n## CodeOwners \u0026 Maintainers list\nSee [MAINTAINERS.md](MAINTAINERS.md)\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkube-tarian%2Fsigrun","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkube-tarian%2Fsigrun","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkube-tarian%2Fsigrun/lists"}