Tool

Example

Supply Chain Security

cosign-helm-chart-keyless-signing-example

by DevOpsHiveHQ

0stars

0forks

0watchers

Updated over 2 years ago

About

This tool demonstrates how to use Sigstore/Cosign for keyless signing of Helm charts to enhance supply chain security.

Example of using Sigstore/Cosign to secure Helm chart supply chain

Primary Use Case

The main use case for this tool is to provide a practical example for developers and DevOps teams looking to secure their Helm chart supply chain using keyless signing. It is particularly useful for organizations aiming to implement supply chain security best practices in their Kubernetes deployments.

Key Features

Integration with Sigstore/Cosign for signing Helm charts
Keyless signing functionality
Example GitHub Actions workflow for signing artifacts
Comprehensive blog post explaining the implementation

Installation

Clone the repository using git clone https://github.com/DevOpsHiveHQ/cosign-helm-chart-keyless-signing-example.git
Follow the instructions in the blog post for setup and configuration

Usage

>_ git clone https://github.com/DevOpsHiveHQ/cosign-helm-chart-keyless-signing-example.git

Clones the example repository to your local machine.

>_ Refer to .github/workflows/sign.yaml

Check the GitHub Actions workflow for signing Helm chart artifacts.

Security Frameworks

Supply Chain Compromise

Credential Access

Defense Evasion

Execution

Persistence

Usage Insights

Integrate with CI/CD pipelines for automated security checks on Helm charts.
Leverage GitHub Actions to enforce signing policies before deployment.
Consider using additional tools like Trivy for vulnerability scanning of Helm charts.
Establish a feedback loop for continuous improvement of signing processes.
Train DevOps teams on the importance of supply chain security and keyless signing.

Docs Take 2 Hours. AI Takes 10 Seconds.

Ask anything about cosign-helm-chart-keyless-signing-example. Installation? Config? Troubleshooting? Get answers trained on real docs and GitHub issues—not generic ChatGPT fluff.

This tool hasn't been indexed yet. Request indexing to enable AI chat.

Admin will review your request within 24 hours

Security Profile

Red Team40%

Blue Team60%

Purple Team50%

Details

Open Issues0

Topics

cosign

devsecops

helm

kubernetes

Related Tools

python-tuf

theupdateframework/python-tuf

Framework

Python reference implementation of The Update Framework (TUF)

1.7K

8 months ago

in-toto

in-toto/in-toto

Framework

in-toto is a framework to protect supply chain integrity.

939

8 months ago

rebuilderd

kpcyrd/rebuilderd

Tool

Independent verification of binary packages - Reproducible Builds

389

8 months ago

dalec

Azure/dalec

Tool

📦 Produce secure packages and containers with declarative configurations

180

8 months ago

scharf

cybrota/scharf

Tool

Static analysis tool to Identify and Fix GitHub Actions prone to Supply‑Chain Risks

10 months ago

sigrun

kube-tarian/sigrun

Tool

Sign your artifacts, source code or container images using Sigstore tools, Save the Signatures you want to use, and Validate & Control the deployments to allow only the known Sources based on Signatures, Maintainers & other payloads automatically.

7 months ago