Chainguard Enforce
AppSignature and Policy Enforcement for GitHub Repositories
41 installs
Tags
(1)Verified
Pricing
Select a tab navigation
Chainguard Enforce for GitHub
Signature and Policy Enforcement for GitHub Repositories.
Features
- More confidence in commit signing with ephemeral keys tied to user identities with Sigstore Gitsign verifying commits.
- User defined policies for which identities can/must sign your code.
- Merge-blocking check when combined with GitHub’s Repository Rulesets to ensure submitted commits comply with your organization’s policy.
Description
Are you a fan of signing your commits to Sigstore and Gitsign? So are we! However, source repositories themselves don't know how to recognize Sigstore signatures yet! That’s why we made Chainguard Enforce for GitHub, a GitHub App that lets you define and enforce policy for Sigstore-based Git signatures for your repositories.
Support
For any issues, please reach out at [email protected].
Want to learn more about Chainguard Enforce? Have a feature request? Let us know at https://www.chainguard.dev/contact
Plans and pricing
Enforce source code policy for public repositories
$0- Public Repositories
- Public sigstore.dev instance
Chainguard Enforce is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation