DevSecOps for Air Gap & Limited-Connection Systems. https://zarf.dev/
-
Updated
Jun 21, 2024 - Go
DevSecOps for Air Gap & Limited-Connection Systems. https://zarf.dev/
Remove all the resources from an AWS account
Integrates Spiffe and Vault to have secretless authentication
An admission controller that integrates Container Image Signature Verification into a Kubernetes cluster
Sample Go application project with supply chain security workflows conforms to the SLSA Build Level 3 specification
Example of GitHub Actions, goreleaser and cosign to release a Go based CLI program.
My collection of the Daggerverse
Example goreleaser + github actions config with keyless signing and SBOM generation
Compage - Low-Code Framework to develop Rest API, gRPC, dRPC, GraphQL, WebAssembly, microservices, FaaS, Temporal workloads, IoT and edge services, K8s controllers, K8s CRDs, K8s custom APIs, K8s Operators, K8s hooks, etc. with minimal coding and by automatically applying best practice methods like software supply chain security measures, SBOM, …
Kubernetes Validation Admission Controller to verify Cosign signatures
(landing area for upstream contributions and carried patches)
Docker Registry Authentication Made Simple
Kubernetes admission webhook that uses cosign tools Container Sign Verify
Sign your artifacts, source code or container images using Sigstore tools, Save the Signatures you want to use, and Validate & Control the deployments to allow only the known Sources based on Signatures, Maintainers & other payloads automatically.
Add a description, image, and links to the cosign topic page so that developers can more easily learn about it.
To associate your repository with the cosign topic, visit your repo's landing page and select "manage topics."