A Go CLI that acts as forge’s companion CI gate. Verifies cosign signatures, SBOM attestations, and non-root execution before an image is allowed through, using cosign v3 and OCI 1.1 referrers.
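
One way a gate like this can enforce the non-root requirement, shown as an added example that is not the project's own code. It assumes the check reads the `config.User` field of the OCI image config JSON and fails closed when the user cannot be proven non-root; the function name `checkNonRoot` and the sample configs are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
	"strings"
)

// imageConfig is the subset of the OCI image config that carries the runtime user.
type imageConfig struct {
	Config struct {
		User string `json:"User"`
	} `json:"config"`
}

// checkNonRoot (hypothetical name) returns nil only for a numeric, non-zero UID.
// It fails closed: an empty User (runtimes default to root), UID 0, and
// non-numeric names (unresolvable without the image's /etc/passwd) are rejected.
func checkNonRoot(configJSON []byte) error {
	var ic imageConfig
	if err := json.Unmarshal(configJSON, &ic); err != nil {
		return fmt.Errorf("parse image config: %w", err)
	}
	user := strings.TrimSpace(ic.Config.User)
	if user == "" {
		return fmt.Errorf("no User set: container would run as root")
	}
	uidPart, _, _ := strings.Cut(user, ":") // "uid[:gid]" or "name[:group]"
	uid, err := strconv.ParseUint(uidPart, 10, 32)
	if err != nil {
		return fmt.Errorf("user %q is not numeric: cannot prove it is non-root", uidPart)
	}
	if uid == 0 {
		return fmt.Errorf("user %q resolves to UID 0", user)
	}
	return nil
}

func main() {
	// Constructed sample configs, not taken from any real image.
	samples := []string{
		`{"config":{"User":"65532:65532"}}`,
		`{"config":{"User":"0:0"}}`,
		`{"config":{}}`,
		`{"config":{"User":"app"}}`,
	}
	for _, s := range samples {
		fmt.Printf("%-36s -> %v\n", s, checkNonRoot([]byte(s)))
	}
}
```

Rejecting named users is stricter than a runtime needs, but it keeps the decision independent of the image's own `/etc/passwd`, which the image author controls.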