https://deploy-preview-426--docssigstore.netlify.app/quickstart/Recent content in Quickstart onHugo -- gohugo.ioTue, 06 Oct 2020 08:49:15 +0000https://deploy-preview-426--docssigstore.netlify.app/quickstart/quickstart-cosign/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-426--docssigstore.netlify.app/quickstart/quickstart-cosign/Join us on our Slack channel. (Need an invite?) Quickstart signing and verifying with Cosign # Cosign is a command line utility that is used to sign software artifacts and verify signatures using Sigstore. Sigstore has a number of language specific clients that you can use to build custom tooling. Although a number of the clients include a basic CLI, Cosign is the recommended tool for signing and verifying.https://deploy-preview-426--docssigstore.netlify.app/quickstart/quickstart-ci/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-426--docssigstore.netlify.app/quickstart/quickstart-ci/Join us on our Slack channel. (Need an invite?) Sigstore CI quickstart # Sigstore provides two GitHub Actions that make it easy to integrate signing and verifying into your CI system. The gh-action-sigstore-python GitHub Action provides the easiest way to generate Sigstore signatures within your CI system. It uses the Sigstore Python language client (sigstore-python), but can be used to generate Sigstore signatures regardless of your project’s language. The cosign-installer GitHub Action installs Cosign into your GitHub Action environment, making all features of Cosign available to be used within your CI System.https://deploy-preview-426--docssigstore.netlify.app/quickstart/verification-cheat-sheet/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-426--docssigstore.netlify.app/quickstart/verification-cheat-sheet/Identity Verification Cheat Sheet # Verifying identity from OIDC issuers # To verify a signature created with an OIDC issuer, you need to know the following: certificate-identity : Valid values include email address, DNS names, IP addresses, and URIs certificate-oidc-issuer: the url associated with the OIDC issuer Issuer certificate-oidc-issuer GitHub https://github.com/login/oauth GitLab https://gitlab.com Google https://accounts.google.com Microsoft https://login.microsoftonline.com If you are unsure of what values to expect, search the project’s README, documentation, or website.