Last changed
Get notified of upcoming product changes, critical vulnerability notifications and patches and more.
Sign InMinimal Wolfi-based Sigstore images.
The image is available on cgr.dev
:
The images in this directory are just the "glue" for bootstrapping the stack, but Chainguard offers minimal images for each of the elements needed by the Sigstore "scaffold" Helm chart for bootstrapping a full sigstore stack.
In addition to these images, the stack also pulls in images from:
cosign
fulcio
rekor
trillian
ctlog
timestamp-authority
(an optional component only used in some setups)The stack also pulls in several support images:
To see an example of how we substitute images into the scaffold
Helm chart's
values.yaml
see our values.tf
example.
Chainguard Images contain software packages that are direct or transitive dependencies. The following licenses were found in the "latest" version of this image:
Apache-2.0
LGPL-2.1-or-later
MIT
MPL-2.0
For a complete list of licenses, please refer to this Image's SBOM.
Software license agreementThis is a FIPS validated image for FedRAMP compliance.
This image is STIG hardened and scanned against the DISA General Purpose Operating System SRG with reports available.
Learn more about STIGsGet started with STIGs