1 Repo
Uploads WebAssembly modules to an OCI registry, signs them, and verifies their signatures to ensure integrity and provenance.
Distinct from Signed Binary Modules: Distinct from Signed Binary Modules: specifically targets WebAssembly modules stored in OCI registries, not general binary extensions.
Explore 1 awesome GitHub repository matching operating systems & systems programming · WebAssembly Module Signings. Refine with filters or upvote what's useful.
Cosign is a tool for signing and verifying software artifacts, primarily those stored in OCI-compatible registries such as container images, Helm charts, SBOMs, and Tekton bundles. It supports keyless signing using ephemeral keys and short-lived certificates from the Sigstore public-good infrastructure, associating signatures with an OpenID Connect identity rather than a long-lived cryptographic key. The project provides multiple signing and verification methods, including private keys, key pairs stored in KMS providers like AWS KMS and Azure Key Vault, and hardware security keys. It can sign
Signs and verifies WebAssembly modules stored in OCI registries for integrity and provenance.