Verify commit signed with sigstore #37703
Unanswered
ctron
asked this question in
Code Security
Replies: 1 comment 7 replies
-
seems interesting, it's hosted on GitHub and there are developers you can see https://github.com/sigstore you can try asking in the most relevant repo that you will see |
Beta Was this translation helpful? Give feedback.
7 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I would like to use sigstore in a repository. That works with git just fine, but pushing signed commits to GitHub now shows those commits in orange and as "unverified":
So adding things that makes the code actually more secure, gets visually downgraded on GitHub. And it doesn't seem to look like that I can configure this.
I guess what I am looking for is proper sigstore support, or maybe a way to ignore sigstore style signatures if they aren't supported.
Beta Was this translation helpful? Give feedback.
All reactions