Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

awesome-code-signing

Curated List of Code signing stuff to secure your software supply chain
https://github.com/marcofranssen/awesome-code-signing

Last synced: about 6 hours ago
JSON representation

Presentations
- Intro TUF/Notary - Justin Cappos, NYU & Justin Cormack, Docker - Introduction to TUF and Notary which implements TUF
- Introduction to Notary - Justin Cormack, Docker - Introduction to Notary
- A Docker Image walks into Notary - Diogo Mónica - Howto use notary in conjunction with Docker
Articles / Blogs
- Signing Docker images using Docker Content Trust - Howto use Docker Content Trust to sign your images
- Guarding against supply chain attacks—Part 3: How software becomes compromised
PGP
- Backup your PGP keys with GPG - Blog explaining backup and restore of PGP keys
- 2factor PGP keys using Krypton - Blog on setting up PGP and SSH using Krypton (includes 2fa)
- Keybase GPG Git - Guide to manage gpg with keybase and setup Git commit signing
Repositories
- The Update Framework - Specification - The Update Framework specification
- Docker - CLI - Contains the `docker trust` cli implementation
- DCT Notary admin - A tool to manage signing certificates and TUF delegations.
- CNAB.io - Signy - Implementation of CNAB security spec using Notary and in-toto
- in-toto - in-toto - Framework to protect integrity of software supply chain
- The Update Framework - Notary - A Go implementation of TUF

Programming Languages