cosign▌
3 indexed skills · max 10 per page
implementing-sigstore-for-software-signing
mukul975/Anthropic-Cybersecurity-Skills · implementing-sigstore-for-software-signing
Implements Sigstore-based software signing and verification using Cosign keyless signing, Rekor transparency log verification, and Fulcio certificate authority integration to establish cryptographic provenance for container images, binaries, and software artifacts. The practitioner configures OIDC-based identity binding, verifies signing events against the Rekor transparency log, and integrates signing workflows into CI/CD pipelines. Activates for requests involving software supply chain signing, keyless container signing, Sigstore deployment, or artifact provenance verification.
securing-container-registry-images
mukul975/Anthropic-Cybersecurity-Skills · securing-container-registry-images
Securing container registry images by implementing vulnerability scanning with Trivy and Grype, enforcing image signing with Cosign and Sigstore, configuring registry access controls, and building CI/CD pipelines that prevent deploying unscanned or unsigned images.
implementing-image-provenance-verification-with-cosign
mukul975/Anthropic-Cybersecurity-Skills · implementing-image-provenance-verification-with-cosign
Sign and verify container image provenance using Sigstore Cosign with keyless OIDC-based signing, attestations, and Kubernetes admission enforcement.