Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Better define sigstores purpose #52

Merged
merged 1 commit into from
May 6, 2021
Merged

Better define sigstores purpose #52

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 10 additions & 3 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,9 +1,16 @@
# sigstore signing CLI tool
# sigstore framework and signing CLI tool

> :warning: Not ready for use yet!

sigstore CLI is a generic tool to sign blobs, tarballs etc and establish
a trust root using the sigstore signing infrastructure
sigstore/sigstore is a generic library that is utilized by various other
clients and projects inc fulcio (webPKI), cosign (container and OCI signing tool)
and tektoncd/chains (Supply Chain Security in Tekton Pipelines).

sigstore is also good candidate for anyone wanting to develop go based clients / systems
and utilise exiting go modules for common sigstore functionality.

It also used as a general CLI signing tool for certificate requests from Fulcio
and storing of artifacts into rekor.

## Security

Expand Down