This list contains a bunch of helpful resources related to code signing, e.g. Docker Content Trust, Notary and PGP.
- Intro TUF/Notary - Justin Cappos, NYU & Justin Cormack, Docker - Introduction to TUF and Notary, which implements TUF
- Introduction to Notary - Justin Cormack, Docker - Introduction to Notary
- A Docker Image walks into Notary - Diogo Mónica - How to use Notary in conjunction with Docker
- Guarding against supply chain attacks—Part 3: How software becomes compromised
- Signing Docker images using Docker Content Trust - How to use Docker Content Trust to sign your images
- The Update Framework - Specification - The Update Framework specification
- The Update Framework - Notary - A Go implementation of TUF
- Docker - CLI - Contains the `docker trust` CLI implementation
- DCT Notary admin - A tool to manage signing certificates and TUF delegations.
- CNAB.io - Signy - Implementation of CNAB security spec using Notary and in-toto
- in-toto - in-toto - Framework to protect integrity of software supply chain
- Keybase GPG Git - Guide to managing GPG with Keybase and setting up Git commit signing
- Backup your PGP keys with GPG - Blog explaining backup and restore of PGP keys
- 2factor PGP keys using Krypton - Blog on setting up PGP and SSH using Krypton (includes 2FA)