SaaSHub helps you find the best software and product alternatives Learn more ā
Cosign Alternatives
Similar projects and alternatives to cosign
-
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
-
speedtest
Self-hosted Speed Test for HTML5 and more. Easy setup, examples, configurable, mobile friendly. Supports PHP, Node, Multiple servers, and more
-
-
-
trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
-
kubescape
Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security, compliance, and misconfiguration scanning, saving Kubernetes users and administrators precious time, effort, and resources.
-
Zabbix
Real-time monitoring of IT components and services, such as networks, servers, VMs, applications and the cloud.
-
-
-
Lean and Mean Docker containers
Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
-
-
syft
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
-
-
-
dependency-track
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
-
-
-
in-toto-golang
A Go implementation of in-toto. in-toto is a framework to protect software supply chain integrity.
-
connaisseur
An admission controller that integrates Container Image Signature Verification into a Kubernetes cluster
-
cosign discussion
cosign reviews and mentions
-
Securing CI/CD Images with Cosign and OPA
Cosign: In this context, Cosign from the Sigstore project offers a compelling solution. Its simplicity, registry compatibility, and effective link between images and their signatures provide a user-friendly and versatile approach. The integration of Fulcio for certificate management and Rekor for secure logging enhances Cosign's appeal, making it particularly suitable for modern development environments that prioritize security and agility.
-
An Overview of Kubernetes Security Projects at KubeCon Europe 2023
sigstore is another suite of tools that focuses on attestation and provenance. Within the suite are two tools I heard mentioned a few times at KubeCon: Cosign and Rekor.
-
Spin 1.0 ā The Developer Tool for Serverless WebAssembly
Since we can distribute Spin applications using popular registry services, we can also take advantage of ecosystem tools such as Sigstore and Cosign, which address the software supply chain issue by signing and verifying applications using Sigstore's new keyless signatures (using OIDC identity tokens from providers such as GitHub).
-
Iron Bank: Secure Registries, Secure Containers
Use distroless images (which contain only application and its runtime dependencies, and don't include package managers/shells or any other programs you would expect to find in a standard Linux distribution). All distroless images are signed by cosign.
-
Getting hands on with Sigstore Cosign on AWS
$ COSIGN_EXPERIMENTAL=1 cosign verify-blob --cert https://github.com/sigstore/cosign/releases/download/v1.13.1/cosign-linux-amd64-keyless.pem --signature https://github.com/sigstore/cosign/releases/download/v1.13.1/cosign-linux-amd64-keyless.sig https://github.com/sigstore/cosign/releases/download/v1.13.1/cosign-linux-amd64
-
How much are you 'trusting' a docker image from hub.docker.com?
Another thing to look for is, whether the image is signed using something like cosign (https://github.com/sigstore/cosign). This lets the publisher digitally sign the image, so you at least know that what's on the registry is what they intended to put there. Handy to avoid the risks of attackers squatting similar names and catching typos.
-
What security controls to prevent someone from pushing arbitrary code into production?
iām late but surprised no one has mentioned cosign
- Docker build fails on GitHub Action after net7 update
-
How to tag base image so images built from it can be tracked
After inspecting the layers i think you should start thinking about signing your images: https://github.com/sigstore/cosign/
-
Understanding Kubernetes Limits and Requests
cosign
-
A note from our sponsor - SaaSHub
www.saashub.com | 15 Oct 2024
Stats
sigstore/cosign is an open source project licensed under Apache License 2.0 which is an OSI approved license.
The primary programming language of cosign is Go.