├── .github ├── dependabot.yml └── workflows │ ├── github-sync-main-sigstore-conformance.yml │ ├── github-sync-main-sigstore.yml │ ├── github-sync-pr-sigstore-conformance.yml │ ├── github-sync-pr-sigstore.yml │ ├── reusable-dependency-review.yml │ ├── reusable-release.yml │ └── reusable-scorecard.yml ├── .gitignore ├── CODEOWNERS ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── EMERITUS.md ├── LICENSE ├── LICENSING.md ├── MEMBERSHIP.md ├── OWNERS.md ├── PROJECT-TIERS.md ├── README.md ├── ROADMAP.md ├── actions ├── close-workflow-issue │ └── action.yml └── open-workflow-issue │ └── action.yml ├── artwork ├── Sigstore_BrandGuide_March2023.pdf ├── badge │ ├── sigstore_codesigned_purple.png │ └── sigstore_codesigned_salmon.png ├── cosign │ ├── horizontal │ │ ├── black │ │ │ ├── sigstore_cosign-horizontal-black.png │ │ │ └── sigstore_cosign-horizontal-black.svg │ │ ├── color reverse │ │ │ ├── sigstore_cosign-horizontal-colorreverse.png │ │ │ └── sigstore_cosign-horizontal-colorreverse.svg │ │ ├── color │ │ │ ├── sigstore_cosign-horizontal-color.png │ │ │ └── sigstore_cosign-horizontal-color.svg │ │ ├── cream │ │ │ ├── sigstore_cosign-horizontal-sigstorecream.png │ │ │ └── sigstore_cosign-horizontal-sigstorecream.svg │ │ ├── dark blue │ │ │ ├── sigstore_cosign-horizontal-sigstoredarkblue.png │ │ │ └── sigstore_cosign-horizontal-sigstoredarkblue.svg │ │ └── white │ │ │ ├── sigstore_cosign-horizontal-white.png │ │ │ └── sigstore_cosign-horizontal-white.svg │ ├── icons │ │ ├── black │ │ │ ├── sigstore_cosign-icon-black.png │ │ │ └── sigstore_cosign-icon-black.svg │ │ ├── color │ │ │ ├── sigstore_cosign-icon-color.png │ │ │ └── sigstore_cosign-icon-color.svg │ │ ├── cream │ │ │ ├── sigstore_cosign-icon-sigstorecream.png │ │ │ └── sigstore_cosign-icon-sigstorecream.svg │ │ ├── dark blue │ │ │ ├── sigstore_cosign-icon-sigstoredarkblue.png │ │ │ └── sigstore_cosign-icon-sigstoredarkblue.svg │ │ └── white │ │ │ ├── sigstore_cosign-icon-white.png │ │ │ └── 
sigstore_cosign-icon-white.svg │ └── stacked │ │ ├── black │ │ ├── sigstore_cosign-stacked-black.png │ │ └── sigstore_cosign-stacked-black.svg │ │ ├── color reverse │ │ ├── sigstore_cosign-stacked-colorreverse.png │ │ └── sigstore_cosign-stacked-colorreverse.svg │ │ ├── color │ │ ├── sigstore_cosign-stacked-color.png │ │ └── sigstore_cosign-stacked-color.svg │ │ ├── cream │ │ ├── sigstore_cosign-stacked-sigstorecream.png │ │ └── sigstore_cosign-stacked-sigstorecream.svg │ │ ├── dark blue │ │ ├── sigstore_cosign-stacked-sigstoredarkblue.png │ │ └── sigstore_cosign-stacked-sigstoredarkblue.svg │ │ └── white │ │ ├── sigstore_cosign-stacked-white.png │ │ └── sigstore_cosign-stacked-white.svg ├── fulcio │ ├── horizontal │ │ ├── black │ │ │ ├── sigstore_fulcio-horizontal-black.png │ │ │ └── sigstore_fulcio-horizontal-black.svg │ │ ├── color reverse │ │ │ ├── sigstore_fulcio-horizontal-colorreverse.png │ │ │ └── sigstore_fulcio-horizontal-colorreverse.svg │ │ ├── color │ │ │ ├── sigstore_fulcio-horizontal-color.png │ │ │ └── sigstore_fulcio-horizontal-color.svg │ │ ├── cream │ │ │ ├── sigstore_fulcio-horizontal-sigstorecream.png │ │ │ └── sigstore_fulcio-horizontal-sigstorecream.svg │ │ ├── dark blue │ │ │ ├── sigstore_fulcio-horizontal-sigstoredarkblue.png │ │ │ └── sigstore_fulcio-horizontal-sigstoredarkblue.svg │ │ └── white │ │ │ ├── sigstore_fulcio-horizontal-white.png │ │ │ └── sigstore_fulcio-horizontal-white.svg │ ├── icons │ │ ├── black │ │ │ ├── sigstore_fulcio-icon-black.png │ │ │ └── sigstore_fulcio-icon-black.svg │ │ ├── color │ │ │ ├── sigstore_fulcio-icon-color.png │ │ │ └── sigstore_fulcio-icon-color.svg │ │ ├── cream │ │ │ ├── sigstore_fulcio-icon-sigstorecream.png │ │ │ └── sigstore_fulcio-icon-sigstorecream.svg │ │ ├── dark blue │ │ │ ├── sigstore_fulcio-icon-sigstoredarkblue.png │ │ │ └── sigstore_fulcio-icon-sigstoredarkblue.svg │ │ └── white │ │ │ ├── sigstore_fulcio-icon-white.png │ │ │ └── sigstore_fulcio-icon-white.svg │ └── stacked │ │ ├── black 
│ │ ├── sigstore_fulcio-stacked-black.png │ │ └── sigstore_fulcio-stacked-black.svg │ │ ├── color reverse │ │ ├── sigstore_fulcio-stacked-colorreverse.png │ │ └── sigstore_fulcio-stacked-colorreverse.svg │ │ ├── color │ │ ├── sigstore_fulcio-stacked-color.png │ │ └── sigstore_fulcio-stacked-color.svg │ │ ├── cream │ │ ├── sigstore_fulcio-stacked-sigstorecream.png │ │ └── sigstore_fulcio-stacked-sigstorecream.svg │ │ ├── dark blue │ │ ├── sigstore_fulcio-stacked-sigstoredarkblue.png │ │ └── sigstore_fulcio-stacked-sigstoredarkblue.svg │ │ └── white │ │ ├── sigstore_fulcio-stacked-white.png │ │ └── sigstore_fulcio-stacked-white.svg ├── gitsign │ ├── horizontal │ │ ├── black │ │ │ ├── sigstore_gitsign-horizontal-black.png │ │ │ └── sigstore_gitsign-horizontal-black.svg │ │ ├── color reverse │ │ │ ├── sigstore_gitsign-horizontal-colorreverse.png │ │ │ └── sigstore_gitsign-horizontal-colorreverse.svg │ │ ├── color │ │ │ ├── sigstore_gitsign-horizontal-color.png │ │ │ └── sigstore_gitsign-horizontal-color.svg │ │ ├── cream │ │ │ ├── sigstore_gitsign-horizontal-sigstorecream.png │ │ │ └── sigstore_gitsign-horizontal-sigstorecream.svg │ │ ├── dark blue │ │ │ ├── sigstore_gitsign-horizontal-sigstoredarkblue.png │ │ │ └── sigstore_gitsign-horizontal-sigstoredarkblue.svg │ │ └── white │ │ │ ├── sigstore_gitsign-horizontal-white.png │ │ │ └── sigstore_gitsign-horizontal-white.svg │ ├── icons │ │ ├── black │ │ │ ├── sigstore_gitsign-icon-black.png │ │ │ └── sigstore_gitsign-icon-black.svg │ │ ├── color │ │ │ ├── sigstore_gitsign-icon-color.png │ │ │ └── sigstore_gitsign-icon-color.svg │ │ ├── cream │ │ │ ├── sigstore_gitsign-icon-sigstorecream.png │ │ │ └── sigstore_gitsign-icon-sigstorecream.svg │ │ ├── dark blue │ │ │ ├── sigstore_gitsign-icon-sigstoredarkblue.png │ │ │ └── sigstore_gitsign-icon-sigstoredarkblue.svg │ │ └── white │ │ │ ├── sigstore_gitsign-icon-white.png │ │ │ └── sigstore_gitsign-icon-white.svg │ └── stacked │ │ ├── black │ │ ├── 
sigstore_gitsign-stacked-black.png │ │ └── sigstore_gitsign-stacked-black.svg │ │ ├── color reverse │ │ ├── sigstore_gitsign-stacked-colorreverse.png │ │ └── sigstore_gitsign-stacked-colorreverse.svg │ │ ├── color │ │ ├── sigstore_gitsign-stacked-color.png │ │ └── sigstore_gitsign-stacked-color.svg │ │ ├── cream │ │ ├── sigstore_gitsign-stacked-sigstorecream.png │ │ └── sigstore_gitsign-stacked-sigstorecream.svg │ │ ├── dark blue │ │ ├── sigstore_gitsign-stacked-sigstoredarkblue.png │ │ └── sigstore_gitsign-stacked-sigstoredarkblue.svg │ │ └── white │ │ ├── sigstore_gitsign-stacked-white.png │ │ └── sigstore_gitsign-stacked-white.svg ├── policy-controller │ ├── Horizontal │ │ ├── Color Reverse │ │ │ ├── sigstore_policycontroller-horizontal-colorreverse.png │ │ │ └── sigstore_policycontroller-horizontal-colorreverse.svg │ │ ├── Full Color │ │ │ ├── sigstore_policycontroller-horizontal-color.png │ │ │ └── sigstore_policycontroller-horizontal-color.svg │ │ └── Single Color │ │ │ ├── Black │ │ │ ├── sigstore_policycontroller-horizontal-black.png │ │ │ └── sigstore_policycontroller-horizontal-black.svg │ │ │ ├── Sigstore Cream │ │ │ ├── sigstore_policycontroller-horizontal-sigstorecream.png │ │ │ └── sigstore_policycontroller-horizontal-sigstorecream.svg │ │ │ ├── Sigstore Dark Blue │ │ │ ├── sigstore_policycontroller-horizontal-sigstoredarkblue.png │ │ │ └── sigstore_policycontroller-horizontal-sigstoredarkblue.svg │ │ │ └── White │ │ │ ├── sigstore_policycontroller-horizontal-white.png │ │ │ └── sigstore_policycontroller-horizontal-white.svg │ ├── Icon │ │ ├── sigstore_policycontroller-icon-black.png │ │ ├── sigstore_policycontroller-icon-black.svg │ │ ├── sigstore_policycontroller-icon-color.png │ │ ├── sigstore_policycontroller-icon-color.svg │ │ ├── sigstore_policycontroller-icon-sigstoredarkblue.png │ │ ├── sigstore_policycontroller-icon-sigstoredarkblue.svg │ │ ├── sigstore_policycontroller-icon-sigtorecream.png │ │ ├── 
sigstore_policycontroller-icon-sigtorecream.svg │ │ ├── sigstore_policycontroller-icon-white.png │ │ └── sigstore_policycontroller-icon-white.svg │ └── Stacked │ │ ├── sigstore_policycontroller-stacked-black.png │ │ ├── sigstore_policycontroller-stacked-black.svg │ │ ├── sigstore_policycontroller-stacked-color.png │ │ ├── sigstore_policycontroller-stacked-color.svg │ │ ├── sigstore_policycontroller-stacked-colorreverse.png │ │ ├── sigstore_policycontroller-stacked-colorreverse.svg │ │ ├── sigstore_policycontroller-stacked-sigstorecream.png │ │ ├── sigstore_policycontroller-stacked-sigstorecream.svg │ │ ├── sigstore_policycontroller-stacked-sigstoredarkblue.png │ │ ├── sigstore_policycontroller-stacked-sigstoredarkblue.svg │ │ ├── sigstore_policycontroller-stacked-white.png │ │ └── sigstore_policycontroller-stacked-white.svg ├── rekor │ ├── horizontal │ │ ├── black │ │ │ ├── sigstore_rekor-horizontal-black.png │ │ │ └── sigstore_rekor-horizontal-black.svg │ │ ├── color reverse │ │ │ ├── sigstore_rekor-horizontal-colorreverse.png │ │ │ └── sigstore_rekor-horizontal-colorreverse.svg │ │ ├── color │ │ │ ├── sigstore_rekor-horizontal-color.png │ │ │ └── sigstore_rekor-horizontal-color.svg │ │ ├── cream │ │ │ ├── sigstore_rekor-horizontal-sigstorecream.png │ │ │ └── sigstore_rekor-horizontal-sigstorecream.svg │ │ ├── dark blue │ │ │ ├── sigstore_rekor-horizontal-sigstoredarkblue.png │ │ │ └── sigstore_rekor-horizontal-sigstoredarkblue.svg │ │ └── white │ │ │ ├── sigstore_rekor-horizontal-white.png │ │ │ └── sigstore_rekor-horizontal-white.svg │ ├── icons │ │ ├── black │ │ │ ├── sigstore_rekor-icon-black.png │ │ │ └── sigstore_rekor-icon-black.svg │ │ ├── color │ │ │ ├── sigstore_rekor-icon-color.png │ │ │ └── sigstore_rekor-icon-color.svg │ │ ├── cream │ │ │ ├── sigstore_rekor-icon-sigstorecream.png │ │ │ └── sigstore_rekor-icon-sigstorecream.svg │ │ ├── dark blue │ │ │ ├── sigstore_rekor-icon-sigstoredarkblue.png │ │ │ └── sigstore_rekor-icon-sigstoredarkblue.svg │ │ 
└── white │ │ │ ├── sigstore_rekor-icon-white.png │ │ │ └── sigstore_rekor-icon-white.svg │ └── stacked │ │ ├── black │ │ ├── sigstore_rekor-stacked-black.png │ │ └── sigstore_rekor-stacked-black.svg │ │ ├── color reverse │ │ ├── sigstore_rekor-stacked-colorreverse.png │ │ └── sigstore_rekor-stacked-colorreverse.svg │ │ ├── color │ │ ├── sigstore_rekor-stacked-color.png │ │ └── sigstore_rekor-stacked-color.svg │ │ ├── cream │ │ ├── sigstore_rekor-stacked-sigstorecream.png │ │ └── sigstore_rekor-stacked-sigstorecream.svg │ │ ├── dark blue │ │ ├── sigstore_rekor-stacked-sigstoredarkblue.png │ │ └── sigstore_rekor-stacked-sigstoredarkblue.svg │ │ └── white │ │ ├── sigstore_rekor-stacked-white.png │ │ └── sigstore_rekor-stacked-white.svg └── sigstore │ ├── horizontal │ ├── black │ │ ├── sigstore_horizontal-black.png │ │ └── sigstore_horizontal-black.svg │ ├── color reverse │ │ ├── sigstore_horizontal-colorreverse.png │ │ └── sigstore_horizontal-colorreverse.svg │ ├── color │ │ ├── sigstore_horizontal-color.svg │ │ └── sigstore_horizontal-sigstore-color.png │ ├── cream │ │ ├── sigstore_horizontal-sigstorecream.png │ │ └── sigstore_horizontal-sigstorecream.svg │ ├── dark blue │ │ ├── sigstore_horizontal-sigstoredarkblue.png │ │ └── sigstore_horizontal-sigstoredarkblue.svg │ └── white │ │ ├── sigstore_horizontal-white.png │ │ └── sigstore_horizontal-white.svg │ ├── icons │ ├── black │ │ ├── sigstore_icon-black.png │ │ └── sigstore_icon-black.svg │ ├── color │ │ ├── sigstore_icon-color.png │ │ └── sigstore_icon-color.svg │ ├── cream │ │ ├── sigstore_icon-sigstorecream.png │ │ └── sigstore_icon-sigstorecream.svg │ ├── dark blue │ │ ├── sigstore_icon-sigstoredarkblue.png │ │ └── sigstore_icon-sigstoredarkblue.svg │ └── white │ │ ├── sigstore_icon-white.png │ │ └── sigstore_icon-white.svg │ └── stacked │ ├── black │ ├── sigstore_stacked-black.png │ └── sigstore_stacked-black.svg │ ├── color reverse │ ├── sigstore_stacked-colorreverse.png │ └── 
sigstore_stacked-colorreverse.svg │ ├── color │ ├── sigstore_stacked-color.png │ └── sigstore_stacked-color.svg │ ├── cream │ ├── sigstore_stacked-sigstorecream.png │ └── sigstore_stacked-sigstorecream.svg │ ├── dark blue │ ├── sigstore_stacked-sigstoredarkblue.png │ └── sigstore_stacked-sigstoredarkblue.svg │ └── white │ ├── sigstore_stacked-white.png │ └── sigstore_stacked-white.svg ├── awards └── README.md ├── docs ├── claimantmodel │ ├── README.md │ ├── fulcio │ │ └── identity │ │ │ ├── full.md │ │ │ ├── full.yaml │ │ │ ├── logsequence.md │ │ │ ├── model.md │ │ │ └── model.yaml │ ├── rekor │ │ ├── identity │ │ │ ├── full.md │ │ │ ├── full.yaml │ │ │ ├── logsequence.md │ │ │ ├── model.md │ │ │ └── model.yaml │ │ ├── key │ │ │ ├── full.md │ │ │ ├── full.yaml │ │ │ ├── logsequence.md │ │ │ ├── model.md │ │ │ └── model.yaml │ │ ├── provenance │ │ │ ├── full.md │ │ │ ├── full.yaml │ │ │ ├── logsequence.md │ │ │ ├── model.md │ │ │ └── model.yaml │ │ └── timestamping │ │ │ ├── README.md │ │ │ ├── full.md │ │ │ ├── full.yaml │ │ │ ├── logsequence.md │ │ │ ├── model.md │ │ │ └── model.yaml │ └── tsa │ │ ├── full.md │ │ ├── full.yaml │ │ ├── logsequence.md │ │ ├── model.md │ │ └── model.yaml ├── images │ ├── fork.png │ ├── opensec.png │ └── publish.png ├── research │ ├── sigstore_discovery–recommendations.pdf │ └── sigstore_discovery–research_insights.pdf └── zero-trust-supply-chains.pdf ├── github-sync ├── Pulumi.github-prod.yaml ├── Pulumi.github-sigstore-conformance.yaml ├── Pulumi.yaml ├── README.md └── github-data │ ├── .gitkeep │ ├── sigstore-conformance │ ├── .gitkeep │ ├── bots.yaml │ ├── repositories.yaml │ ├── teams.yaml │ └── users.yaml │ └── sigstore │ ├── .gitkeep │ ├── bots.yaml │ ├── repositories.yaml │ ├── teams.yaml │ └── users.yaml ├── images └── sigstore_layers.png └── proposals └── community-organization.md
/.github/dependabot.yml:
--------------------------------------------------------------------------------
#
# Copyright 2022 The Sigstore Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
version: 2
updates:
  - package-ecosystem: "github-actions"
    directories:
      - "/"
      - "/actions/**"
    schedule:
      interval: "daily"
    groups:
      actions:
        update-types:
          - "minor"
          - "patch"
--------------------------------------------------------------------------------
/.github/workflows/github-sync-main-sigstore-conformance.yml:
--------------------------------------------------------------------------------
name: sync-changes-sigstore-conformance

on:
  workflow_dispatch:
    inputs:
      preview:
        description: "Dry run of the Pulumi changes"
        required: false
        default: false
        type: boolean
  push:
    branches:
      - main
    paths:
      - 'github-sync/github-data/sigstore-conformance/*.yaml'
      - 'github-sync/Pulumi.github-sigstore-conformance.yaml'

permissions: {}

env:
  PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
  GITHUB_OWNER: sigstore-conformance

jobs:
  Update:
    name: sync-changes-sigstore-conformance
    runs-on: ubuntu-latest
    permissions:
      contents: read

    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      - uses: sigstore/github-sync@main
        if: ${{ inputs.preview }}
        with:
          work_dir: ./github-sync
          config_directory: ./github-sync/github-data
          stack_name: sigstore/github-sigstore-conformance
          pulumi_access_token: ${{ secrets.PULUMI_ACCESS_TOKEN }}
          pulumi_command: preview
          gh_token: ${{ secrets.GITHUB_TOKEN }}
      - uses: sigstore/github-sync@main
        if: ${{ !inputs.preview }}
        with:
          work_dir: ./github-sync
          config_directory: ./github-sync/github-data
          stack_name: sigstore/github-sigstore-conformance
          pulumi_access_token: ${{ secrets.PULUMI_ACCESS_TOKEN }}
          pulumi_command: up
          gh_token: ${{ secrets.GITHUB_TOKEN }}
--------------------------------------------------------------------------------
/.github/workflows/github-sync-main-sigstore.yml:
--------------------------------------------------------------------------------
name: sync-changes-sigstore

on:
  workflow_dispatch:
    inputs:
      preview:
        description: "Dry run of the Pulumi changes"
        required: false
        default: false
        type: boolean
  push:
    branches:
      - main
    paths:
      - 'github-sync/github-data/sigstore/*.yaml'
      - 'github-sync/Pulumi.github-prod.yaml'

permissions: {}

env:
  PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
  GITHUB_OWNER: sigstore

jobs:
  Update:
    name: sync-changes-sigstore
    runs-on: ubuntu-latest
    permissions:
      contents: read

    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      - uses: sigstore/github-sync@main
        if: ${{ inputs.preview }}
        with:
          work_dir: ./github-sync
          config_directory: ./github-sync/github-data
          stack_name: sigstore/github-prod
          pulumi_access_token: ${{ secrets.PULUMI_ACCESS_TOKEN }}
          pulumi_command: preview
          gh_token: ${{ secrets.GITHUB_TOKEN }}
      - uses: sigstore/github-sync@main
        if: ${{ !inputs.preview }}
        with:
          work_dir: ./github-sync
          config_directory: ./github-sync/github-data
          stack_name: sigstore/github-prod
          pulumi_access_token: ${{ secrets.PULUMI_ACCESS_TOKEN }}
          pulumi_command: up
          gh_token: ${{ secrets.GITHUB_TOKEN }}
--------------------------------------------------------------------------------
/.github/workflows/github-sync-pr-sigstore-conformance.yml:
--------------------------------------------------------------------------------
name: preview-changes

on:
  pull_request_target:
    branches:
      - main
    paths:
      - 'github-sync/github-data/sigstore-conformance/*.yaml'
      - 'github-sync/Pulumi.github-sigstore-conformance.yaml'

permissions: {}

env:
  PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
  GITHUB_OWNER: sigstore-conformance

jobs:
  preview:
    name: changes-sigstore-conformance
    runs-on: ubuntu-latest

    permissions:
      pull-requests: write

    steps:
      # pull_request_target runs with the base repository's secrets, so the
      # PR head checked out below must be treated as untrusted input.
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          ref: ${{ github.event.pull_request.head.sha }}
          persist-credentials: false

      - uses: sigstore/github-sync@main
        with:
          work_dir: ./github-sync
          config_directory: ./github-sync/github-data
          stack_name: sigstore/github-sigstore-conformance
          pulumi_access_token: ${{ secrets.PULUMI_ACCESS_TOKEN }}
          pulumi_command: preview
          gh_token: ${{ secrets.GITHUB_TOKEN }}
          comment_on_pr: true
--------------------------------------------------------------------------------
/.github/workflows/github-sync-pr-sigstore.yml:
--------------------------------------------------------------------------------
name: preview-changes

on:
  pull_request_target:
    branches:
      - main
    paths:
      - 'github-sync/github-data/sigstore/*.yaml'
      - 'github-sync/Pulumi.github-prod.yaml'

permissions: {}

env:
  PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
  GITHUB_OWNER: sigstore

jobs:
  preview:
    name: changes-sigstore
    runs-on: ubuntu-latest

    permissions:
      pull-requests: write

    steps:
      # pull_request_target runs with the base repository's secrets, so the
      # PR head checked out below must be treated as untrusted input.
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          ref: ${{ github.event.pull_request.head.sha }}
          persist-credentials: false

      - uses: sigstore/github-sync@main
        with:
          work_dir: ./github-sync
          config_directory: ./github-sync/github-data
          stack_name: sigstore/github-prod
          pulumi_access_token: ${{ secrets.PULUMI_ACCESS_TOKEN }}
          pulumi_command: preview
          gh_token: ${{ secrets.GITHUB_TOKEN }}
          comment_on_pr: true
--------------------------------------------------------------------------------
/.github/workflows/reusable-dependency-review.yml:
--------------------------------------------------------------------------------
name: 'Dependency Review'
on:
  workflow_call:
    inputs:
      fail-on-severity:
        type: string
        description: "Configure the severity level for vulnerability alerting. Possible values: critical, high, moderate, low."
        default: "high"
      allow-ghsas:
        type: string
        description: "A comma separated list of any GitHub Advisory IDs that can be skipped during detection. Example: 'GHSA-abcd-1234-5679, GHSA-efgh-1234-5679'"
      allow-deps:
        type: string
        description: "A comma separated list of packages to exclude from the check, specified in purl format"

permissions:
  contents: read

jobs:
  dependency-review:
    name: Scan dependencies for license compliance and vulnerabilities
    runs-on: ubuntu-latest
    steps:
      - name: 'Checkout Repository'
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      - name: 'Dependency Review'
        uses: actions/dependency-review-action@da24556b548a50705dd671f47852072ea4c105d9 # v4.7.1
        with:
          fail-on-severity: ${{ inputs.fail-on-severity }}
          allow-ghsas: ${{ inputs.allow-ghsas }}
          allow-dependencies-licenses: ${{ inputs.allow-deps }}
          deny-licenses: GPL-3.0, AGPL-3.0, LGPL-3.0 # these are hardcoded to be compliant with sigstore/community/LICENSING.md
--------------------------------------------------------------------------------
/.github/workflows/reusable-release.yml:
--------------------------------------------------------------------------------
name: Cut Release

on:
  workflow_call:
    inputs:
      release_tag:
        required: false
        type: string
        description: 'Release tag. Will increment patch version if not specified.'
        default: ''
      key_ring:
        required: false
        type: string
        description: 'Key ring for cosign key'
      key_name:
        required: false
        type: string
        description: 'Key name for cosign key'
      workload_identity_provider:
        required: true
        type: string
        description: 'Workload identity provider to authenticate accesses.'
      service_account:
        required: true
        type: string
        description: 'Service account to run the release.'
      repo:
        required: true
        type: string
        description: 'The Sigstore repo to release.'

permissions: {}

jobs:
  cut-release:
    name: Cut release
    runs-on: ubuntu-latest
    permissions:
      id-token: write
      contents: read
    env:
      PROJECT_ID: 'projectsigstore'
      RELEASE_TAG: ${{ inputs.release_tag }}
      REPO: ${{ inputs.repo }}
    steps:
      - name: Check actor access
        if: ${{ !contains( fromJson('["bobcallaway","cpanato","lukehinds","priyawadhwa","haydentherapper"]'), github.actor ) }}
        run: exit 1

      - name: Check out repo
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          path: ./src/github.com/sigstore/${{ inputs.repo }}
          persist-credentials: false

      - name: Set release tag if not specified
        if: ${{ inputs.release_tag == '' }}
        run: |
          git fetch --all --tags
          LATEST_DIGEST=`git rev-list --tags --max-count=1`
          LATEST_TAG=`git describe --tags ${LATEST_DIGEST}`
          # Bump the last (patch) component of the most recent tag.
          NEW_VERSION=`echo "${LATEST_TAG}" | awk -F. '{$NF = $NF + 1;} 1' | sed 's/ /./g'`
          echo "RELEASE_TAG=${NEW_VERSION}" >> $GITHUB_ENV

      - name: Authenticate to Google Cloud
        uses: google-github-actions/auth@ba79af03959ebeac9769e648f473a284504d9193 # v2.1.10
        with:
          workload_identity_provider: ${{ inputs.workload_identity_provider }}
          service_account: ${{ inputs.service_account }}

      - name: Setup gcloud
        uses: google-github-actions/setup-gcloud@77e7a554d41e2ee56fc945c52dfd3f33d12def9a # v2.1.4
        with:
          project_id: ${{ env.PROJECT_ID }}

      - name: Start cloudbuild job
        working-directory: ./src/github.com/sigstore/${{ inputs.repo }}
        run: gcloud builds submit --no-source --async --config release/cloudbuild.yaml --substitutions _GIT_TAG=${RELEASE_TAG},_TOOL_ORG=sigstore,_TOOL_REPO=${REPO},_STORAGE_LOCATION=${REPO}-releases,_KEY_RING=release-cosign,_KEY_NAME=cosign,_GITHUB_USER=sigstore-bot --project=${PROJECT_ID}
--------------------------------------------------------------------------------
/.github/workflows/reusable-scorecard.yml:
--------------------------------------------------------------------------------
# This workflow uses actions that are not certified by GitHub. They are provided
# by a third-party and are governed by separate terms of service, privacy
# policy, and support documentation.

name: Scorecards supply-chain security
on:
  workflow_call:
    inputs:
      publish_results:
        description: "Publish results to OpenSSF REST API and allows repository to include the Scorecard badge."
        default: true
        required: false
        type: boolean
    secrets:
      scorecard_token:
        description: "PAT used to enable Branch-Protection check validation. To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat."
        required: false

# Declare default permissions as none
permissions: {}

jobs:
  analysis:
    name: Scorecards analysis
    runs-on: ubuntu-latest
    permissions:
      # Needed to upload the results to code-scanning dashboard.
      security-events: write
      # Needed to publish results and get a badge (see publish_results below).
      id-token: write
      # Uncomment the permissions below if installing in a private repository.
      # contents: read
      # actions: read
    steps:
      - name: "Checkout code"
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false

      - name: "Run analysis"
        uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1
        with:
          results_file: results.sarif
          results_format: sarif
          # (Optional) "write" PAT token. Use `scorecard_token` input if:
          # - you want to enable the Branch-Protection check on a *public* repository, or
          # - you are installing Scorecards on a *private* repository
          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
          repo_token: ${{ secrets.SCORECARD_TOKEN }}

          # Public repositories:
          #   - Publish results to OpenSSF REST API for easy access by consumers
          #   - Allows the repository to include the Scorecard badge.
          #   - See https://github.com/ossf/scorecard-action#publishing-results.
          # For private repositories:
          #   - `publish_results` will always be set to `false`, regardless
          #     of the value entered here.
          publish_results: ${{ inputs.publish_results }}

      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
      # format to the repository Actions tab.
      - name: "Upload artifact"
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: SARIF file
          path: results.sarif
          retention-days: 5

      # Upload the results to GitHub's code scanning dashboard.
      - name: "Upload to code-scanning"
        uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
        with:
          sarif_file: results.sarif
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
.DS_Store
.vscode/*
--------------------------------------------------------------------------------
/CODEOWNERS:
--------------------------------------------------------------------------------
* @sigstore/core-team @sigstore/community-codeowners
--------------------------------------------------------------------------------
/CODE_OF_CONDUCT.md:
--------------------------------------------------------------------------------
# Code of Conduct

## Our Pledge

In the interest of fostering an open and welcoming environment, we as
contributors and maintainers pledge to making participation in our project and
our community a harassment-free experience for everyone, regardless of age, body
size, disability, ethnicity, gender identity and expression, level of experience,
nationality, personal appearance, race, religion, or sexual identity and
orientation.

## Our Standards

Examples of behavior that contributes to creating a positive environment
include:

* Using welcoming and inclusive language
* Being respectful of differing viewpoints and experiences
* Gracefully accepting constructive criticism
* Focusing on what is best for the community
* Showing empathy towards other community members

Examples of unacceptable behavior by participants include:

* The use of sexualized language or imagery and unwelcome sexual attention or
  advances
* Trolling, insulting/derogatory comments, and personal or political attacks
* Public or private harassment
* Publishing others' private information, such as a physical or electronic
  address, without explicit permission
* Other conduct which could reasonably be considered inappropriate in a
  professional setting

## Our Responsibilities

Project maintainers are responsible for clarifying the standards of acceptable
behavior and are expected to take appropriate and fair corrective action in
response to any instances of unacceptable behavior.

Project maintainers have the right and responsibility to remove, edit, or
reject comments, commits, code, wiki edits, issues, and other contributions
that are not aligned to this Code of Conduct, or to ban temporarily or
permanently any contributor for other behaviors that they deem inappropriate,
threatening, offensive, or harmful.

## Scope

This Code of Conduct applies both within project spaces and in public spaces
when an individual is representing the project or its community. Examples of
representing a project or community include using an official project e-mail
address, posting via an official social media account, or acting as an appointed
representative at an online or offline event. Representation of a project may be
further defined and clarified by project maintainers.

## Enforcement

Instances of abusive, harassing, or otherwise unacceptable behavior may be
reported by contacting the project team at . All
complaints will be reviewed and investigated and will result in a response that
is deemed necessary and appropriate to the circumstances. The project team is
obligated to maintain confidentiality with regard to the reporter of an incident.
Further details of specific enforcement policies may be posted separately.

Project maintainers who do not follow or enforce the Code of Conduct in good
faith may face temporary or permanent repercussions as determined by other
members of the project's leadership.

## Attribution

This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
available at [http://contributor-covenant.org/version/1/4][version]

[homepage]: http://contributor-covenant.org
[version]: http://contributor-covenant.org/version/1/4/
--------------------------------------------------------------------------------
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
# Contributing

When contributing to a repository in the Sigstore organization, please first discuss the change you wish
to make via an issue in the repository.

## Pull Request Process

1. Create an issue in the repository outlining the fix or feature.
2. Fork the repository to your own GitHub account and clone it locally.
3. Complete and test the change.
4. If relevant, update documentation with details of the change. This includes updates to an API, new environment
   variables, exposed ports, useful file locations, CLI parameters and
   new or changed configuration values.
5. Correctly format your commit message; see [Commit Messages](#commit-message-guidelines)
   below.
6. Sign off your commit.
7. Ensure that CI passes. If it fails, fix the failures.
8. Every pull request requires a review from the Sigstore subprojects MAINTAINERS.
9. If your pull request consists of more than one commit, please squash your
   commits as described in [Squash Commits](#squash-commits), or the commits
   will be squashed on merge.

## Commit Message Guidelines

We follow the commit formatting recommendations found on [Chris Beams' How to Write a Git Commit Message article](https://chris.beams.io/posts/git-commit/).

Well-formed commit messages not only help reviewers understand the nature of
the Pull Request, but also assist the release process, where commit messages
are used to generate release notes.

A good example of a commit message would be as follows:

```
Summarize changes in around 50 characters or less

More detailed explanatory text, if necessary. Wrap it to about 72
characters or so. In some contexts, the first line is treated as the
subject of the commit and the rest of the text as the body. The
blank line separating the summary from the body is critical (unless
you omit the body entirely); various tools like `log`, `shortlog`
and `rebase` can get confused if you run the two together.

Explain the problem that this commit is solving. Focus on why you
are making this change as opposed to how (the code explains that).
Are there side effects or other unintuitive consequences of this
change? Here's the place to explain them.

Further paragraphs come after blank lines.

 - Bullet points are okay, too

 - Typically a hyphen or asterisk is used for the bullet, preceded
   by a single space, with blank lines in between, but conventions
   vary here

If you use an issue tracker, put references to them at the bottom,
like this:

Resolves: #123
See also: #456, #789
```

Note the `Resolves #123` tag; it references the issue raised and allows us to
ensure issues are associated and closed when a pull request is merged.

Please refer to [the GitHub help page on message types](https://help.github.com/articles/closing-issues-using-keywords/)
for a complete list of issue references.

## Squash Commits

Should your pull request consist of more than one commit (perhaps due to
a change being requested during the review cycle), please perform a git squash
once a reviewer has approved your pull request.

A squash can be performed as follows. Let's say you have the following commits:

    initial commit
    second commit
    final commit

Run the command below with the number set to the total commits you wish to
squash (in our case 3 commits):

    git rebase -i HEAD~3

Your default text editor will then open and you will see the following:

    pick eb36612 initial commit
    pick 9ac8968 second commit
    pick a760569 final commit

    # Rebase eb1429f..a760569 onto eb1429f (3 commands)

We want to rebase on top of our first commit, so we change the other two commits
to `squash`:

    pick eb36612 initial commit
    squash 9ac8968 second commit
    squash a760569 final commit

After this, should you wish to update your commit message to better summarise
all of your pull request, run:

    git commit --amend

You will then need to force push (assuming your initial commit(s) were posted
to GitHub):

    git push
origin your-branch --force 110 | 111 | Alternatively, a core member can squash your commits within Github. 112 | 113 | ## Code of Conduct 114 | 115 | Sigstore adheres to and enforces the [Contributor Covenant](http://contributor-covenant.org/version/1/4/) Code of Conduct. 116 | Please take a moment to read the [CODE_OF_CONDUCT.md](https://github.com/sigstore/community/blob/main/CODE_OF_CONDUCT.md) document. 117 | 118 | -------------------------------------------------------------------------------- /EMERITUS.md: -------------------------------------------------------------------------------- 1 | This is a list of prior maintainers whom we sincerely thank for their contributions to the Sigstore project! 2 | 3 | - @Dentrax 4 | - @developer-guy 5 | - @erkanzileli 6 | - @sozercan 7 | - @smythp 8 | - @jonvnadelberg 9 | - @jyotsna-penumaka 10 | - @AndreyKozlov1984 11 | - @asraa 12 | - @jvanzyl 13 | - @devmoran 14 | - @cstamas 15 | - @dlorenc 16 | - @mattmoor 17 | - @mdunbavan 18 | - @michael-o 19 | - @puerco 20 | -------------------------------------------------------------------------------- /LICENSING.md: -------------------------------------------------------------------------------- 1 | # License Policy 2 | 3 | This document serves as the overarching policy for licensing across all sigstore projects. 4 | 5 | ## Policy Statement 6 | 7 | All sigstore projects MUST be licensed under the Apache License, Version 2.0 (Apache-2.0). This is non-negotiable, given that sigstore is a project within the OpenSSF and the [charter of the OpenSSF](https://charter.openssf.org) requires that all software projects be Apache-2.0 licensed. 

## Enforcement

Each project within the `sigstore` GitHub organization MUST have:
- a LICENSE file in the root of the repository that contains the appropriate Apache-2.0 license text
- automation that checks that all the dependencies used by the project(s) contained in that repository use licenses that are compliant with the terms of the Apache-2.0 license.

An example tool that can be used to achieve this goal is the [Dependency Review GitHub Action](https://github.com/marketplace/actions/dependency-review). A reusable workflow for leveraging this action can be found in this repository at [.github/workflows/reusable-dependency-review.yml](https://github.com/sigstore/community/blob/main/.github/workflows/reusable-dependency-review.yml).

--------------------------------------------------------------------------------
/OWNERS.md:
--------------------------------------------------------------------------------

# OWNERS (TSC Members)

* Luke Hinds (**[@lukehinds](https://github.com/lukehinds)**), Stacklok
* Bob Callaway (**[@bobcallaway](https://github.com/bobcallaway)**), Google
* Santiago Torres-Arias (**[@SantiagoTorres](https://github.com/SantiagoTorres)**), Purdue University
* Trevor Rosen (**[@trevrosen](https://github.com/trevrosen)**), GitHub
* Priya Wadhwa (**[@priyawadhwa](https://github.com/priyawadhwa)**), Chainguard, Inc.

--------------------------------------------------------------------------------
/PROJECT-TIERS.md:
--------------------------------------------------------------------------------

# Introduction and motivation

As the Sigstore TSC looks to formalize and future-proof our stewardship of the Sigstore project, we find ourselves needing to honor lifecycle differences amongst the codebases and services that comprise the Sigstore estate. The existing flat landscape of projects has caused a certain amount of confusion amongst would-be contributors / adopters to-date, and the time has come to create a robust framework for signalling project maturity to the community as well as to create a notional “on-ramp” for future community projects. In this document we will establish that framework.

## Goals

* Create a tiered labeling system for GitHub projects to signal the level of support / community involvement that a given repo has.
* Establish a tier/label for all existing projects
* Establish guidelines for future projects - both for accepting new projects and for moving existing ones between tiers

# Tiers and their definitions

## Core projects

Core projects are fundamental to the goals of Sigstore as articulated by the TSC. They encompass the basic services that power the Sigstore Public Good Instance, as well as the official CLI tool and the client libraries and repos that are currently in use by 3rd party integrators (e.g. package registries like npm and RubyGems and software vendors like GitHub and GitLab) to support implementations of Sigstore for use cases like provenance attestations, publishing attestations, runtime verification etc.

## Community projects

Community projects are ones which are deemed to have sufficient mindshare and promise that the Sigstore TSC determines that they should be brought into the Sigstore GitHub organization and live under the governance of the overall Sigstore umbrella.

### Creating a community project

Obviously anyone with an interest in Sigstore can create their own GitHub repository and begin writing code. If such a repo originator believes that their source code / project should become a Community project, they must complete the following steps:

* Create a `ROADMAP.md` document in the root of their repo describing the intended evolution of the project.
* Create a `CONTRIBUTORS.md` document in the root of their repo naming the GitHub users who will be responsible for maintaining the project.
* Open an issue on the Sigstore Community Repo describing the project, its benefit, and describing why it’s an appropriate candidate for stewardship as a Community project.
* Notify the Sigstore TSC (by opening an issue on [github.com/sigstore/tsc](http://github.com/sigstore/tsc)) that they’d like to discuss their project at an upcoming meeting. A Sigstore TSC member will add it to the meeting agenda.
* Attend the meeting of the Sigstore TSC where their project is to be discussed
* Sigstore TSC will then discuss the project and its roadmap (in closed session, if desired) and vote on whether to bring it into the GitHub organization as a designated Community project.
* The originating maintainer will then transfer the GitHub repository to Sigstore, including having its GitHub configuration managed by the Sigstore TSC

## Criteria for up-leveling from Community to Core

* TSC must vote to move a project from Community to Core
* There must be a dedicated maintainer and at least one other person acting as a contributor. Ideally these should be from two different employers.
* The project must have had at least X contributions within the trailing Y months
* In the case of a language client, it must pass all tests described in the sigstore-conformance repo

## Why would a project want to go from Community to Core?

Core projects enjoy consideration for targeted funding from OpenSSF, Sigstore, or other funding sources. Membership in Core is a signal to the broader OSS community that the project is stable enough for adoption or productization.

# Project lists

## Core

### Services / CLI tools

* [Cosign](https://github.com/sigstore/cosign)
* [Fulcio](https://github.com/sigstore/fulcio)
* [Rekor](https://github.com/sigstore/rekor)
* [Policy Controller](https://github.com/sigstore/policy-controller/)
* [Timestamp Authority](https://github.com/sigstore/timestamp-authority)

### Libraries / clients

* [sigstore-conformance](https://github.com/sigstore/sigstore-conformance)
* [sigstore-go](https://github.com/sigstore/sigstore-go)
* [sigstore-js](https://github.com/sigstore/sigstore-js)
* [sigstore-java](https://github.com/sigstore/sigstore-java)
* [sigstore-python](https://github.com/sigstore/sigstore-python)
* [sigstore-ruby](https://github.com/sigstore/sigstore-ruby)
* [cosign-installer](https://github.com/sigstore/cosign-installer)

## Community

### Services / CLI tools

* [GitSign](https://github.com/sigstore/gitsign)
* [Rekor-monitor](https://github.com/sigstore/rekor-monitor)
* [helm-sigstore](https://github.com/sigstore/helm-sigstore)
* [cosign-gatekeeper-provider](https://github.com/sigstore/cosign-gatekeeper-provider)

### Libraries / clients
* [model-transparency](https://github.com/sigstore/model-transparency)

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------

# Sigstore Community

General sigstore community repository

## Slack

The majority of our community conversations happen in our community [Slack instance](https://sigstore.slack.com) - please join us!
[Invite link](https://sigstore.slack.com/join/shared_invite/zt-mhs55zh0-XmY3bcfWn4XEyMqUUutbUQ#/shared-invite/email)

## Mailing List

We use https://groups.google.com/g/sigstore-dev for infrequent communications (e.g. release announcements). The group is public and anyone can join.

Shared docs may be shared directly with this group, so please join this before requesting access to anything that appears private.

## Roadmap

sigstore's umbrella roadmap is [available here](./ROADMAP.md)

## Community Calendar

We now have a community calendar [available here](https://calendar.google.com/calendar/embed?src=fq4kgom2ce43hncnbcfja2ck20%40group.calendar.google.com&ctz=America%2FNew_York) ([in .ics format](https://calendar.google.com/calendar/ical/fq4kgom2ce43hncnbcfja2ck20%40group.calendar.google.com/public/basic.ics)
and [shared Google calendar](https://calendar.google.com/calendar/u/0?cid=ZnE0a2dvbTJjZTQzaG5jbmJjZmphMmNrMjBAZ3JvdXAuY2FsZW5kYXIuZ29vZ2xlLmNvbQ)).
All recurring and one-off meetings will be shared here.

### Meetings

We typically meet for a community wide meeting every [Tuesday @ 16:30 UTC time](https://calendar.google.com/calendar/event?action=TEMPLATE&tmeid=NGVydDFqNXVsa3ExY2ZraWR0aGFmdm4yY2JfMjAyMzA3MTFUMTYzMDAwWiBmcTRrZ29tMmNlNDNobmNuYmNmamEyY2syMEBn&tmsrc=fq4kgom2ce43hncnbcfja2ck20%40group.calendar.google.com&scp=ALL).
This is available via the shared calendar above.

Recordings for all of the above meetings should be on our [YouTube channel](https://www.youtube.com/channel/UCWPVc8glVGOODxsA_ep0VVw)

## Membership

We encourage all contributors to become members. We aim to grow an active, healthy community of contributors, reviewers, and code owners. Learn more about requirements and responsibilities of membership in our [Community Membership page](/MEMBERSHIP.md).

### Adding Users/Collaborators, Teams, Repositories to Sigstore GitHub Organization

To add or change an Org Member, team, collaborator or repository, please [follow these steps](github-sync/README.md)

## Support Tools

We would like to thank the following companies who provide us with an OpenSource plan to support Sigstore development.

Universal Infrastructure as Code

Better Uptime Website Monitoring

--------------------------------------------------------------------------------
/actions/close-workflow-issue/action.yml:
--------------------------------------------------------------------------------

```yaml
name: Close workflow issue
description: Close a GitHub issue opened by open-workflow-issue
# The issue is identified by its title which is built from
# the workflow name: make sure the workflow name is unique enough
#
# Required permissions:
# * issues: write
# * actions: read

runs:
  using: "composite"
  steps:
    - name: Close issue
      uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
      with:
        script: |
          var path = require('path');

          // Look for an open "bug" issue whose title matches this workflow
          const reponame = context.repo.owner + "/" + context.repo.repo
          const title = `[bug]: Workflow failure '${context.workflow}'`
          const issues = await github.rest.search.issuesAndPullRequests({
            q: `${title}+in:title+label:bug+state:open+type:issue+repo:${reponame}`,
          })

          const run = await github.rest.actions.getWorkflowRun( {
            owner: context.repo.owner,
            repo: context.repo.repo,
            run_id: context.runId,
          })
          const workflow_file = path.basename(run.data.path)

          if (issues.data.total_count == 0) {
            console.log("No issues found, exiting")
          } else {
            const issue = issues.data.items[0].number
            console.log(`issue ${issue} found, closing issue`)

            const body = `### Closing issue based on workflow '${context.workflow}' success.\n` +
                         `Run: ${run.data.html_url}\n` +
                         `Workflow: ${run.data.repository.html_url}/blob/${context.ref}/${run.data.path}\n` +
                         `Workflow runs: ${run.data.repository.html_url}/actions/workflows/${workflow_file}\n` +
                         `Trigger: ${context.eventName} on ${context.ref}\n` +
                         `Date: ${run.data.run_started_at}`

            await github.rest.issues.createComment({
              issue_number: issue,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: body
            })
            await github.rest.issues.update({
              issue_number: issue,
              owner: context.repo.owner,
              repo: context.repo.repo,
              state: "closed",
            })
          }
```

--------------------------------------------------------------------------------
/actions/open-workflow-issue/action.yml:
--------------------------------------------------------------------------------

```yaml
name: Open workflow issue
description: Open a github issue for a workflow failure
# An issue is filed unless one for the same workflow is open already.
# The issues are identified by title which is built using the workflow
# name.
#
# Required permissions:
# * issues: write
# * actions: read

inputs:
  comment_for_each_failure:
    description: 'Should a comment be added to existing issue for every new failure'
    required: false
    default: false

runs:
  using: "composite"
  steps:
    - name: Create issue
      uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
      env:
        COMMENT_FOR_EACH_FAILURE: ${{ inputs.comment_for_each_failure }}
      with:
        script: |
          var path = require('path');

          // Look for an open "bug" issue whose title matches this workflow
          const reponame = context.repo.owner + "/" + context.repo.repo
          const title = `[bug]: Workflow failure '${context.workflow}'`
          const issues = await github.rest.search.issuesAndPullRequests({
            q: `${title}+in:title+label:bug+state:open+type:issue+repo:${reponame}`,
          })
          const comment_for_each_failure = process.env.COMMENT_FOR_EACH_FAILURE == "true"

          const run = await github.rest.actions.getWorkflowRun( {
            owner: context.repo.owner,
            repo: context.repo.repo,
            run_id: context.runId,
          })
          const workflow_file = path.basename(run.data.path)

          const body = `### Workflow run failed for '${context.workflow}'.\n` +
                       `Run: ${run.data.html_url}\n` +
                       `Workflow: ${run.data.repository.html_url}/blob/${context.ref}/${run.data.path}\n` +
                       `Workflow runs: ${run.data.repository.html_url}/actions/workflows/${workflow_file}\n` +
                       `Trigger: ${context.eventName} on ${context.ref}\n` +
                       `Date: ${run.data.run_started_at}`

          if (issues.data.total_count == 0) {
            console.log("Filing new issue for failing workflow...")
            await github.rest.issues.create({
              owner: context.repo.owner,
              repo: context.repo.repo,
              title: title,
              labels: ["bug"],
              body: body,
            })
          } else if (comment_for_each_failure) {
            const issue = issues.data.items[0].number
            console.log(`issue ${issue} found, adding a comment`)
            await github.rest.issues.createComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: issue,
              body: body,
            })
          } else {
            const issue = issues.data.items[0].number
            console.log(`issue ${issue} found, not adding a comment`)
          }
```
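
A caller workflow that wires the two composite actions above together, granting only the permissions their header comments list. This is an added example, not a file from the sigstore/community repository: the workflow name, schedule, job names, `make test` command and the `actions/checkout` reference are assumptions, and the pinned commit is the one the raw URLs in this dump point at.

```yaml
# Added example (not part of sigstore/community).
# Both actions find the tracking issue by a title built from this name,
# so it must be unique among the workflows of the repository.
name: Nightly conformance check (example)

on:
  schedule:
    - cron: "0 3 * * *"
  workflow_dispatch:

# Start from no token permissions and grant them per job.
permissions: {}

jobs:
  test:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4 # pin to a full commit SHA in real use
      - run: make test            # assumed test entry point

  open-issue-on-failure:
    needs: test
    # failure() is true when an ancestor job failed
    if: ${{ failure() }}
    runs-on: ubuntu-latest
    permissions:
      issues: write   # create the issue or comment on it
      actions: read   # getWorkflowRun for the run URL and workflow path
    steps:
      - uses: sigstore/community/actions/open-workflow-issue@ac4d2fc318468cdc75fca9ad7beb93e67941c74c
        with:
          comment_for_each_failure: true

  close-issue-on-success:
    needs: test
    if: ${{ success() }}
    runs-on: ubuntu-latest
    permissions:
      issues: write   # comment on and close the issue
      actions: read
    steps:
      - uses: sigstore/community/actions/close-workflow-issue@ac4d2fc318468cdc75fca9ad7beb93e67941c74c
```

Keeping the reporting in separate jobs means the `issues: write` token is never present in the job that checks out and runs repository code.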
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/gitsign/horizontal/dark blue/sigstore_gitsign-horizontal-sigstoredarkblue.png -------------------------------------------------------------------------------- /artwork/gitsign/horizontal/white/sigstore_gitsign-horizontal-white.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/gitsign/horizontal/white/sigstore_gitsign-horizontal-white.png -------------------------------------------------------------------------------- /artwork/gitsign/icons/black/sigstore_gitsign-icon-black.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/gitsign/icons/black/sigstore_gitsign-icon-black.png -------------------------------------------------------------------------------- /artwork/gitsign/icons/black/sigstore_gitsign-icon-black.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /artwork/gitsign/icons/color/sigstore_gitsign-icon-color.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/gitsign/icons/color/sigstore_gitsign-icon-color.png -------------------------------------------------------------------------------- /artwork/gitsign/icons/cream/sigstore_gitsign-icon-sigstorecream.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/gitsign/icons/cream/sigstore_gitsign-icon-sigstorecream.png -------------------------------------------------------------------------------- /artwork/gitsign/icons/cream/sigstore_gitsign-icon-sigstorecream.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /artwork/gitsign/icons/dark blue/sigstore_gitsign-icon-sigstoredarkblue.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/gitsign/icons/dark blue/sigstore_gitsign-icon-sigstoredarkblue.png -------------------------------------------------------------------------------- /artwork/gitsign/icons/dark blue/sigstore_gitsign-icon-sigstoredarkblue.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /artwork/gitsign/icons/white/sigstore_gitsign-icon-white.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/gitsign/icons/white/sigstore_gitsign-icon-white.png -------------------------------------------------------------------------------- /artwork/gitsign/icons/white/sigstore_gitsign-icon-white.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /artwork/gitsign/stacked/black/sigstore_gitsign-stacked-black.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/gitsign/stacked/black/sigstore_gitsign-stacked-black.png -------------------------------------------------------------------------------- /artwork/gitsign/stacked/color reverse/sigstore_gitsign-stacked-colorreverse.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/gitsign/stacked/color reverse/sigstore_gitsign-stacked-colorreverse.png -------------------------------------------------------------------------------- /artwork/gitsign/stacked/color/sigstore_gitsign-stacked-color.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/gitsign/stacked/color/sigstore_gitsign-stacked-color.png -------------------------------------------------------------------------------- /artwork/gitsign/stacked/cream/sigstore_gitsign-stacked-sigstorecream.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/gitsign/stacked/cream/sigstore_gitsign-stacked-sigstorecream.png -------------------------------------------------------------------------------- /artwork/gitsign/stacked/dark blue/sigstore_gitsign-stacked-sigstoredarkblue.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/gitsign/stacked/dark blue/sigstore_gitsign-stacked-sigstoredarkblue.png -------------------------------------------------------------------------------- /artwork/gitsign/stacked/white/sigstore_gitsign-stacked-white.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/gitsign/stacked/white/sigstore_gitsign-stacked-white.png -------------------------------------------------------------------------------- /artwork/policy-controller/Horizontal/Color Reverse/sigstore_policycontroller-horizontal-colorreverse.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/policy-controller/Horizontal/Color Reverse/sigstore_policycontroller-horizontal-colorreverse.png -------------------------------------------------------------------------------- /artwork/policy-controller/Horizontal/Full Color/sigstore_policycontroller-horizontal-color.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/policy-controller/Horizontal/Full Color/sigstore_policycontroller-horizontal-color.png -------------------------------------------------------------------------------- /artwork/policy-controller/Horizontal/Single Color/Black/sigstore_policycontroller-horizontal-black.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/policy-controller/Horizontal/Single Color/Black/sigstore_policycontroller-horizontal-black.png -------------------------------------------------------------------------------- /artwork/policy-controller/Horizontal/Single Color/Sigstore Cream/sigstore_policycontroller-horizontal-sigstorecream.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/policy-controller/Horizontal/Single Color/Sigstore Cream/sigstore_policycontroller-horizontal-sigstorecream.png -------------------------------------------------------------------------------- /artwork/policy-controller/Horizontal/Single Color/Sigstore Dark Blue/sigstore_policycontroller-horizontal-sigstoredarkblue.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/policy-controller/Horizontal/Single Color/Sigstore Dark Blue/sigstore_policycontroller-horizontal-sigstoredarkblue.png -------------------------------------------------------------------------------- /artwork/policy-controller/Horizontal/Single Color/White/sigstore_policycontroller-horizontal-white.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/policy-controller/Horizontal/Single Color/White/sigstore_policycontroller-horizontal-white.png -------------------------------------------------------------------------------- /artwork/policy-controller/Icon/sigstore_policycontroller-icon-black.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/policy-controller/Icon/sigstore_policycontroller-icon-black.png -------------------------------------------------------------------------------- /artwork/policy-controller/Icon/sigstore_policycontroller-icon-black.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- 
/artwork/policy-controller/Icon/sigstore_policycontroller-icon-color.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/policy-controller/Icon/sigstore_policycontroller-icon-color.png -------------------------------------------------------------------------------- /artwork/policy-controller/Icon/sigstore_policycontroller-icon-sigstoredarkblue.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/policy-controller/Icon/sigstore_policycontroller-icon-sigstoredarkblue.png -------------------------------------------------------------------------------- /artwork/policy-controller/Icon/sigstore_policycontroller-icon-sigstoredarkblue.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /artwork/policy-controller/Icon/sigstore_policycontroller-icon-sigtorecream.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/policy-controller/Icon/sigstore_policycontroller-icon-sigtorecream.png -------------------------------------------------------------------------------- /artwork/policy-controller/Icon/sigstore_policycontroller-icon-sigtorecream.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /artwork/policy-controller/Icon/sigstore_policycontroller-icon-white.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/policy-controller/Icon/sigstore_policycontroller-icon-white.png -------------------------------------------------------------------------------- /artwork/policy-controller/Icon/sigstore_policycontroller-icon-white.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /artwork/policy-controller/Stacked/sigstore_policycontroller-stacked-black.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/policy-controller/Stacked/sigstore_policycontroller-stacked-black.png -------------------------------------------------------------------------------- /artwork/policy-controller/Stacked/sigstore_policycontroller-stacked-color.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/policy-controller/Stacked/sigstore_policycontroller-stacked-color.png -------------------------------------------------------------------------------- /artwork/policy-controller/Stacked/sigstore_policycontroller-stacked-colorreverse.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/policy-controller/Stacked/sigstore_policycontroller-stacked-colorreverse.png -------------------------------------------------------------------------------- /artwork/policy-controller/Stacked/sigstore_policycontroller-stacked-sigstorecream.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/policy-controller/Stacked/sigstore_policycontroller-stacked-sigstorecream.png -------------------------------------------------------------------------------- /artwork/policy-controller/Stacked/sigstore_policycontroller-stacked-sigstoredarkblue.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/policy-controller/Stacked/sigstore_policycontroller-stacked-sigstoredarkblue.png -------------------------------------------------------------------------------- /artwork/policy-controller/Stacked/sigstore_policycontroller-stacked-white.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/policy-controller/Stacked/sigstore_policycontroller-stacked-white.png -------------------------------------------------------------------------------- /artwork/rekor/horizontal/black/sigstore_rekor-horizontal-black.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/rekor/horizontal/black/sigstore_rekor-horizontal-black.png -------------------------------------------------------------------------------- /artwork/rekor/horizontal/color reverse/sigstore_rekor-horizontal-colorreverse.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/rekor/horizontal/color reverse/sigstore_rekor-horizontal-colorreverse.png -------------------------------------------------------------------------------- /artwork/rekor/horizontal/color/sigstore_rekor-horizontal-color.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/rekor/horizontal/color/sigstore_rekor-horizontal-color.png -------------------------------------------------------------------------------- /artwork/rekor/horizontal/cream/sigstore_rekor-horizontal-sigstorecream.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/rekor/horizontal/cream/sigstore_rekor-horizontal-sigstorecream.png -------------------------------------------------------------------------------- /artwork/rekor/horizontal/dark blue/sigstore_rekor-horizontal-sigstoredarkblue.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/rekor/horizontal/dark blue/sigstore_rekor-horizontal-sigstoredarkblue.png -------------------------------------------------------------------------------- /artwork/rekor/horizontal/white/sigstore_rekor-horizontal-white.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/rekor/horizontal/white/sigstore_rekor-horizontal-white.png -------------------------------------------------------------------------------- /artwork/rekor/icons/black/sigstore_rekor-icon-black.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/rekor/icons/black/sigstore_rekor-icon-black.png -------------------------------------------------------------------------------- /artwork/rekor/icons/black/sigstore_rekor-icon-black.svg: 
-------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /artwork/rekor/icons/color/sigstore_rekor-icon-color.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/rekor/icons/color/sigstore_rekor-icon-color.png -------------------------------------------------------------------------------- /artwork/rekor/icons/cream/sigstore_rekor-icon-sigstorecream.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/rekor/icons/cream/sigstore_rekor-icon-sigstorecream.png -------------------------------------------------------------------------------- /artwork/rekor/icons/cream/sigstore_rekor-icon-sigstorecream.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /artwork/rekor/icons/dark blue/sigstore_rekor-icon-sigstoredarkblue.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/rekor/icons/dark blue/sigstore_rekor-icon-sigstoredarkblue.png -------------------------------------------------------------------------------- /artwork/rekor/icons/dark blue/sigstore_rekor-icon-sigstoredarkblue.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /artwork/rekor/icons/white/sigstore_rekor-icon-white.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/rekor/icons/white/sigstore_rekor-icon-white.png -------------------------------------------------------------------------------- /artwork/rekor/icons/white/sigstore_rekor-icon-white.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /artwork/rekor/stacked/black/sigstore_rekor-stacked-black.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/rekor/stacked/black/sigstore_rekor-stacked-black.png -------------------------------------------------------------------------------- /artwork/rekor/stacked/color reverse/sigstore_rekor-stacked-colorreverse.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/rekor/stacked/color reverse/sigstore_rekor-stacked-colorreverse.png -------------------------------------------------------------------------------- /artwork/rekor/stacked/color/sigstore_rekor-stacked-color.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/rekor/stacked/color/sigstore_rekor-stacked-color.png -------------------------------------------------------------------------------- /artwork/rekor/stacked/cream/sigstore_rekor-stacked-sigstorecream.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/rekor/stacked/cream/sigstore_rekor-stacked-sigstorecream.png -------------------------------------------------------------------------------- /artwork/rekor/stacked/dark blue/sigstore_rekor-stacked-sigstoredarkblue.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/rekor/stacked/dark blue/sigstore_rekor-stacked-sigstoredarkblue.png -------------------------------------------------------------------------------- /artwork/rekor/stacked/white/sigstore_rekor-stacked-white.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/rekor/stacked/white/sigstore_rekor-stacked-white.png -------------------------------------------------------------------------------- /artwork/sigstore/horizontal/black/sigstore_horizontal-black.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/sigstore/horizontal/black/sigstore_horizontal-black.png -------------------------------------------------------------------------------- /artwork/sigstore/horizontal/color reverse/sigstore_horizontal-colorreverse.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/sigstore/horizontal/color reverse/sigstore_horizontal-colorreverse.png -------------------------------------------------------------------------------- /artwork/sigstore/horizontal/color/sigstore_horizontal-sigstore-color.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/sigstore/horizontal/color/sigstore_horizontal-sigstore-color.png -------------------------------------------------------------------------------- /artwork/sigstore/horizontal/cream/sigstore_horizontal-sigstorecream.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/sigstore/horizontal/cream/sigstore_horizontal-sigstorecream.png -------------------------------------------------------------------------------- /artwork/sigstore/horizontal/dark blue/sigstore_horizontal-sigstoredarkblue.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/sigstore/horizontal/dark blue/sigstore_horizontal-sigstoredarkblue.png -------------------------------------------------------------------------------- /artwork/sigstore/horizontal/white/sigstore_horizontal-white.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/sigstore/horizontal/white/sigstore_horizontal-white.png -------------------------------------------------------------------------------- /artwork/sigstore/icons/black/sigstore_icon-black.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/sigstore/icons/black/sigstore_icon-black.png -------------------------------------------------------------------------------- /artwork/sigstore/icons/black/sigstore_icon-black.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 9 | 10 | 11 | 
-------------------------------------------------------------------------------- /artwork/sigstore/icons/color/sigstore_icon-color.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/sigstore/icons/color/sigstore_icon-color.png -------------------------------------------------------------------------------- /artwork/sigstore/icons/cream/sigstore_icon-sigstorecream.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/sigstore/icons/cream/sigstore_icon-sigstorecream.png -------------------------------------------------------------------------------- /artwork/sigstore/icons/dark blue/sigstore_icon-sigstoredarkblue.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/sigstore/icons/dark blue/sigstore_icon-sigstoredarkblue.png -------------------------------------------------------------------------------- /artwork/sigstore/icons/white/sigstore_icon-white.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/sigstore/icons/white/sigstore_icon-white.png -------------------------------------------------------------------------------- /artwork/sigstore/icons/white/sigstore_icon-white.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /artwork/sigstore/stacked/black/sigstore_stacked-black.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/sigstore/stacked/black/sigstore_stacked-black.png -------------------------------------------------------------------------------- /artwork/sigstore/stacked/color reverse/sigstore_stacked-colorreverse.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/sigstore/stacked/color reverse/sigstore_stacked-colorreverse.png -------------------------------------------------------------------------------- /artwork/sigstore/stacked/color/sigstore_stacked-color.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/sigstore/stacked/color/sigstore_stacked-color.png -------------------------------------------------------------------------------- /artwork/sigstore/stacked/cream/sigstore_stacked-sigstorecream.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/sigstore/stacked/cream/sigstore_stacked-sigstorecream.png -------------------------------------------------------------------------------- /artwork/sigstore/stacked/dark blue/sigstore_stacked-sigstoredarkblue.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/sigstore/stacked/dark blue/sigstore_stacked-sigstoredarkblue.png -------------------------------------------------------------------------------- /artwork/sigstore/stacked/white/sigstore_stacked-white.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/artwork/sigstore/stacked/white/sigstore_stacked-white.png

--------------------------------------------------------------------------------
/awards/README.md:
--------------------------------------------------------------------------------
# Sigstore Community Awards

The Sigstore community gives awards to recognize all the work that makes the sigstore project and community thrive.

The first set of community awards will be presented at [SigstoreCon](https://events.linuxfoundation.org/sigstorecon-north-america/) on October 25th 2022.

### Award Categories

The award categories are:

* Most Valuable Contributor - for the individual who has made a huge impact on the project this year
* Best Evangelist - for the individual who has gone above and beyond to spread the word about sigstore
* Best User Adopter - to the individual, team or organization who have adopted sigstore and have shared their impactful story with others

### Award Nominations & Voting
The nomination process will take place through GitHub issues at this repo - the Sigstore community is invited to nominate potential recipients for each award.

A shortlist is created based on all eligible entries and the final voting is carried out by the Sigstore TSC.

### Timeline 2022

The tentative timeline is

* Awards ordered: Tuesday, September 6, 2022
* Nominations open: Tuesday, September 6, 2022
* Nominations close: Tuesday, September 13, 2022
* Voting opens: Thursday, September 15, 2022
* Voting closes: Monday, September 26, 2022
* Winner names sent to be engraved: Wednesday, September 28, 2022
* Winners announced at SigstoreCon: Tuesday, October 25, 2022

--------------------------------------------------------------------------------
/docs/claimantmodel/fulcio/identity/full.md:
--------------------------------------------------------------------------------
| Field | Value |
|---|---|
| Claim<sup>Fulcio</sup> | ${OIDCIDOwner} authorizes Fulcio to bind ${PubKey} to ${OIDCIdentity} |
| Statement<sup>Fulcio</sup> | X.509 certificate containing ${PubKey} and ${OIDCIdentity}, signed by Fulcio |
| Claimant<sup>Fulcio</sup> | Fulcio |
| Believer<sup>Fulcio</sup> | Software Installer |
| Verifier<sup>Fulcio</sup> | ${OIDCIDOwner}: ${OIDCIDOwner} authorizes Fulcio to bind ${PubKey} to ${OIDCIdentity} |
| Arbiter<sup>Fulcio</sup> | Community |

| Field | Value |
|---|---|
| Claim<sup>LOG_Fulcio</sup> | 1. This data structure is append-only from any previous version<br>2. This data structure is globally consistent<br>3. This data structure contains only leaves of type `X.509 certificate containing ${PubKey} and ${OIDCIdentity}, signed by Fulcio` |
| Statement<sup>LOG_Fulcio</sup> | Log Checkpoint |
| Claimant<sup>LOG_Fulcio</sup> | Log Operator |
| Believer<sup>LOG_Fulcio</sup> | • Software Installer<br>• ${OIDCIDOwner} |
| Verifier<sup>LOG_Fulcio</sup> | • Witness: This data structure is append-only from any previous version<br>• Witness Quorum: This data structure is globally consistent<br>• ${OIDCIDOwner}: This data structure contains only leaves of type `X.509 certificate containing ${PubKey} and ${OIDCIdentity}, signed by Fulcio` |
| Arbiter<sup>LOG_Fulcio</sup> | Community |
--------------------------------------------------------------------------------
/docs/claimantmodel/fulcio/identity/full.yaml:
--------------------------------------------------------------------------------
Domain:
  System: Fulcio
  Claimant: Fulcio
  Statement: X.509 certificate containing ${PubKey} and ${OIDCIdentity}, signed by
    Fulcio
  Believer: Software Installer
  Claim:
    Claim: ${OIDCIDOwner} authorizes Fulcio to bind ${PubKey} to ${OIDCIdentity}
    Verifier: ${OIDCIDOwner}
  Arbiter: Community
Log:
  System: LOG_Fulcio
  Claimant: Log Operator
  Statement: Log Checkpoint
  Believers:
  - Software Installer
  - ${OIDCIDOwner}
  Claims:
  - Claim: This data structure is append-only from any previous version
    Verifier: Witness
  - Claim: This data structure is globally consistent
    Verifier: Witness Quorum
  - Claim: This data structure contains only leaves of type `X.509 certificate containing
      ${PubKey} and ${OIDCIdentity}, signed by Fulcio`
    Verifier: ${OIDCIDOwner}
  Arbiter: Community

--------------------------------------------------------------------------------
/docs/claimantmodel/fulcio/identity/logsequence.md:
--------------------------------------------------------------------------------
```mermaid
sequenceDiagram
    actor Fulcio
    actor ${OIDCIDOwner}
    actor Log Operator
    actor Software Installer
    actor Witness
    actor Witness Quorum
    Fulcio->>Log Operator: Add new X.509 certificate containing ${PubKey} and ${OIDCIdentity}, signed by Fulcio
    Log Operator->>Log Operator: Integrate X.509 certificate containing ${PubKey} and ${OIDCIdentity}, signed by Fulcios and issue Log Checkpoint
    Log Operator->>Fulcio: Log Checkpoint and inclusion proof
    Fulcio->>Software Installer: X.509 certificate containing ${PubKey} and ${OIDCIdentity}, signed by Fulcio with proof bundle
    Software Installer->>Software Installer: Verify bundle and install software
    loop Periodic append-only Verification
        Witness->>Log Operator: Fetch merkle data
        Witness->>Witness: Verify append-only
    end
    loop Periodic X.509 certificate containing ${PubKey} and ${OIDCIdentity}, signed by Fulcio Verification
        ${OIDCIDOwner}->>Log Operator: Get all entries
        ${OIDCIDOwner}->>${OIDCIDOwner}: Verify: ${OIDCIDOwner} authorizes Fulcio to bind ${PubKey} to ${OIDCIdentity}
    end
```

--------------------------------------------------------------------------------
/docs/claimantmodel/fulcio/identity/model.md:
--------------------------------------------------------------------------------
| Field | Value |
|---|---|
| Claim<sup>Fulcio</sup> | ${OIDCIDOwner} authorizes Fulcio to bind ${PubKey} to ${OIDCIdentity} |
| Statement<sup>Fulcio</sup> | X.509 certificate containing ${PubKey} and ${OIDCIdentity}, signed by Fulcio |
| Claimant<sup>Fulcio</sup> | Fulcio |
| Believer<sup>Fulcio</sup> | Software Installer |
| Verifier<sup>Fulcio</sup> | ${OIDCIDOwner}: ${OIDCIDOwner} authorizes Fulcio to bind ${PubKey} to ${OIDCIdentity} |
| Arbiter<sup>Fulcio</sup> | Community |
--------------------------------------------------------------------------------
/docs/claimantmodel/fulcio/identity/model.yaml:
--------------------------------------------------------------------------------
System: "Fulcio"
Claim:
  Claim: "${OIDCIDOwner} authorizes Fulcio to bind ${PubKey} to ${OIDCIdentity}"
  Verifier: "${OIDCIDOwner}"
Statement: "X.509 certificate containing ${PubKey} and ${OIDCIdentity}, signed by Fulcio"
Claimant: "Fulcio"
Believer: "Software Installer"
Arbiter: "Community"

--------------------------------------------------------------------------------
/docs/claimantmodel/rekor/identity/full.md:
--------------------------------------------------------------------------------
| Field | Value |
|---|---|
| Claim<sup>Rekor</sup> | ${OIDCIdentity} signs ${Hash} using the key bound by ${Certificate} |
| Statement<sup>Rekor</sup> | ${Hash}, X.509 certificate ${Certificate} containing ${OIDCIdentity}, and signature over ${Hash} |
| Claimant<sup>Rekor</sup> | ${OIDCIDOwner} |
| Believer<sup>Rekor</sup> | Software Installer |
| Verifier<sup>Rekor</sup> | ${OIDCIDOwner}: ${OIDCIdentity} signs ${Hash} using the key bound by ${Certificate} |
| Arbiter<sup>Rekor</sup> | Community, identity-artifact mapping |

| Field | Value |
|---|---|
| Claim<sup>LOG_Rekor</sup> | 1. This data structure is append-only from any previous version<br>2. This data structure is globally consistent<br>3. This data structure contains only leaves of type `${Hash}, X.509 certificate ${Certificate} containing ${OIDCIdentity}, and signature over ${Hash}` |
| Statement<sup>LOG_Rekor</sup> | Log Checkpoint |
| Claimant<sup>LOG_Rekor</sup> | Log Operator |
| Believer<sup>LOG_Rekor</sup> | • Software Installer<br>• ${OIDCIDOwner} |
| Verifier<sup>LOG_Rekor</sup> | • Witness: This data structure is append-only from any previous version<br>• Witness Quorum: This data structure is globally consistent<br>• ${OIDCIDOwner}: This data structure contains only leaves of type `${Hash}, X.509 certificate ${Certificate} containing ${OIDCIdentity}, and signature over ${Hash}` |
| Arbiter<sup>LOG_Rekor</sup> | Community, identity-artifact mapping |
--------------------------------------------------------------------------------
/docs/claimantmodel/rekor/identity/full.yaml:
--------------------------------------------------------------------------------
Domain:
  System: Rekor
  Claimant: ${OIDCIDOwner}
  Statement: ${Hash}, X.509 certificate ${Certificate} containing ${OIDCIdentity},
    and signature over ${Hash}
  Believer: Software Installer
  Claim:
    Claim: ${OIDCIdentity} signs ${Hash} using the key bound by ${Certificate}
    Verifier: ${OIDCIDOwner}
  Arbiter: Community, identity-artifact mapping
Log:
  System: LOG_Rekor
  Claimant: Log Operator
  Statement: Log Checkpoint
  Believers:
  - Software Installer
  - ${OIDCIDOwner}
  Claims:
  - Claim: This data structure is append-only from any previous version
    Verifier: Witness
  - Claim: This data structure is globally consistent
    Verifier: Witness Quorum
  - Claim: This data structure contains only leaves of type `${Hash}, X.509 certificate
      ${Certificate} containing ${OIDCIdentity}, and signature over ${Hash}`
    Verifier: ${OIDCIDOwner}
  Arbiter: 'Community, identity-artifact mapping'

--------------------------------------------------------------------------------
/docs/claimantmodel/rekor/identity/logsequence.md:
--------------------------------------------------------------------------------
```mermaid
sequenceDiagram
    actor ${OIDCIDOwner}
    actor Log Operator
    actor Software Installer
    actor Witness
    actor Witness Quorum
    ${OIDCIDOwner}->>Log Operator: Add new ${Hash}, X.509 certificate ${Certificate} containing ${OIDCIdentity}, and signature over ${Hash}
    Log Operator->>Log Operator: Integrate ${Hash}, X.509 certificate ${Certificate} containing ${OIDCIdentity}, and signature over ${Hash}s and issue Log Checkpoint
    Log Operator->>${OIDCIDOwner}: Log Checkpoint and inclusion proof
    ${OIDCIDOwner}->>Software Installer: ${Hash}, X.509 certificate ${Certificate} containing ${OIDCIdentity}, and signature over ${Hash} with proof bundle
    Software Installer->>Software Installer: Verify bundle and install software
    loop Periodic append-only Verification
        Witness->>Log Operator: Fetch merkle data
        Witness->>Witness: Verify append-only
    end
    loop Periodic ${Hash}, X.509 certificate ${Certificate} containing ${OIDCIdentity}, and signature over ${Hash} Verification
        ${OIDCIDOwner}->>Log Operator: Get all entries
        ${OIDCIDOwner}->>${OIDCIDOwner}: Verify: ${OIDCIdentity} signs ${Hash} using the key bound by ${Certificate}
    end
```

--------------------------------------------------------------------------------
/docs/claimantmodel/rekor/identity/model.md:
--------------------------------------------------------------------------------
| Field | Value |
|---|---|
| Claim<sup>Rekor</sup> | ${OIDCIdentity} signs ${Hash} using the key bound by ${Certificate} |
| Statement<sup>Rekor</sup> | ${Hash}, X.509 certificate ${Certificate} containing ${OIDCIdentity}, and signature over ${Hash} |
| Claimant<sup>Rekor</sup> | ${OIDCIDOwner} |
| Believer<sup>Rekor</sup> | Software Installer |
| Verifier<sup>Rekor</sup> | ${OIDCIDOwner}: ${OIDCIdentity} signs ${Hash} using the key bound by ${Certificate} |
| Arbiter<sup>Rekor</sup> | Community, identity-artifact mapping |
--------------------------------------------------------------------------------
/docs/claimantmodel/rekor/identity/model.yaml:
--------------------------------------------------------------------------------
System: "Rekor"
Claim:
  Claim: "${OIDCIdentity} signs ${Hash} using the key bound by ${Certificate}"
  Verifier: "${OIDCIDOwner}"
Statement: "${Hash}, X.509 certificate ${Certificate} containing ${OIDCIdentity}, and signature over ${Hash}"
Claimant: "${OIDCIDOwner}"
Believer: "Software Installer"
Arbiter: "Community, identity-artifact mapping"

--------------------------------------------------------------------------------
/docs/claimantmodel/rekor/key/full.md:
--------------------------------------------------------------------------------
| Field | Value |
|---|---|
| Claim<sup>Rekor</sup> | ${Key} signs ${Hash}, verifiable with ${PubKey} |
| Statement<sup>Rekor</sup> | ${Hash}, public key ${PubKey}, and signature over ${Hash} |
| Claimant<sup>Rekor</sup> | ${KeyOwner} |
| Believer<sup>Rekor</sup> | Software Installer |
| Verifier<sup>Rekor</sup> | ${KeyOwner}: ${Key} signs ${Hash}, verifiable with ${PubKey} |
| Arbiter<sup>Rekor</sup> | Community, key-artifact mapping |

| Field | Value |
|---|---|
| Claim<sup>LOG_Rekor</sup> | 1. This data structure is append-only from any previous version<br>2. This data structure is globally consistent<br>3. This data structure contains only leaves of type `${Hash}, public key ${PubKey}, and signature over ${Hash}` |
| Statement<sup>LOG_Rekor</sup> | Log Checkpoint |
| Claimant<sup>LOG_Rekor</sup> | Log Operator |
| Believer<sup>LOG_Rekor</sup> | • Software Installer<br>• ${KeyOwner} |
| Verifier<sup>LOG_Rekor</sup> | • Witness: This data structure is append-only from any previous version<br>• Witness Quorum: This data structure is globally consistent<br>• ${KeyOwner}: This data structure contains only leaves of type `${Hash}, public key ${PubKey}, and signature over ${Hash}` |
| Arbiter<sup>LOG_Rekor</sup> | Community, key-artifact mapping |
--------------------------------------------------------------------------------
/docs/claimantmodel/rekor/key/full.yaml:
--------------------------------------------------------------------------------
Domain:
  System: Rekor
  Claimant: ${KeyOwner}
  Statement: ${Hash}, public key ${PubKey}, and signature over ${Hash}
  Believer: Software Installer
  Claim:
    Claim: '${Key} signs ${Hash}, verifiable with ${PubKey}'
    Verifier: ${KeyOwner}
  Arbiter: Community, key-artifact mapping
Log:
  System: LOG_Rekor
  Claimant: Log Operator
  Statement: Log Checkpoint
  Believers:
  - Software Installer
  - ${KeyOwner}
  Claims:
  - Claim: This data structure is append-only from any previous version
    Verifier: Witness
  - Claim: This data structure is globally consistent
    Verifier: Witness Quorum
  - Claim: This data structure contains only leaves of type `${Hash}, public key ${PubKey},
      and signature over ${Hash}`
    Verifier: ${KeyOwner}
  Arbiter: 'Community, key-artifact mapping'

--------------------------------------------------------------------------------
/docs/claimantmodel/rekor/key/logsequence.md:
--------------------------------------------------------------------------------
```mermaid
sequenceDiagram
    actor ${KeyOwner}
    actor Log Operator
    actor Software Installer
    actor Witness
    actor Witness Quorum
    ${KeyOwner}->>Log Operator: Add new ${Hash}, public key ${PubKey}, and signature over ${Hash}
    Log Operator->>Log Operator: Integrate ${Hash}, public key ${PubKey}, and signature over ${Hash}s and issue Log Checkpoint
    Log Operator->>${KeyOwner}: Log Checkpoint and inclusion proof
    ${KeyOwner}->>Software Installer: ${Hash}, public key ${PubKey}, and signature over ${Hash} with proof bundle
    Software Installer->>Software Installer: Verify bundle and install software
    loop Periodic append-only Verification
        Witness->>Log Operator: Fetch merkle data
        Witness->>Witness: Verify append-only
    end
    loop Periodic ${Hash}, public key ${PubKey}, and signature over ${Hash} Verification
        ${KeyOwner}->>Log Operator: Get all entries
        ${KeyOwner}->>${KeyOwner}: Verify: ${Key} signs ${Hash}, verifiable with ${PubKey}
    end
```

--------------------------------------------------------------------------------
/docs/claimantmodel/rekor/key/model.md:
--------------------------------------------------------------------------------
| Field | Value |
|---|---|
| Claim<sup>Rekor</sup> | ${Key} signs ${Hash}, verifiable with ${PubKey} |
| Statement<sup>Rekor</sup> | ${Hash}, public key ${PubKey}, and signature over ${Hash} |
| Claimant<sup>Rekor</sup> | ${KeyOwner} |
| Believer<sup>Rekor</sup> | Software Installer |
| Verifier<sup>Rekor</sup> | ${KeyOwner}: ${Key} signs ${Hash}, verifiable with ${PubKey} |
| Arbiter<sup>Rekor</sup> | Community, key-artifact mapping |
--------------------------------------------------------------------------------
/docs/claimantmodel/rekor/key/model.yaml:
--------------------------------------------------------------------------------
System: "Rekor"
Claim:
  Claim: "${Key} signs ${Hash}, verifiable with ${PubKey}"
  Verifier: "${KeyOwner}"
Statement: "${Hash}, public key ${PubKey}, and signature over ${Hash}"
Claimant: "${KeyOwner}"
Believer: "Software Installer"
Arbiter: "Community, key-artifact mapping"

--------------------------------------------------------------------------------
/docs/claimantmodel/rekor/provenance/full.md:
--------------------------------------------------------------------------------
| Field | Value |
|---|---|
| Claim<sup>Rekor</sup> | ${OIDCIdentity} signs ${Provenance} containing ${Subject}, using the key bound by ${Certificate} |
| Statement<sup>Rekor</sup> | ${Provenance} with ${Hash}, X.509 certificate ${Certificate} containing ${OIDCIdentity}, signature over ${Subject} |
| Claimant<sup>Rekor</sup> | ${OIDCIDOwner} |
| Believer<sup>Rekor</sup> | Software Installer |
| Verifier<sup>Rekor</sup> | ${OIDCIDOwner}/Artifact Builder: ${OIDCIdentity} signs ${Provenance} containing ${Subject}, using the key bound by ${Certificate} |
| Arbiter<sup>Rekor</sup> | Community, identity-artifact mapping |

| Field | Value |
|---|---|
| Claim<sup>LOG_Rekor</sup> | 1. This data structure is append-only from any previous version<br>2. This data structure is globally consistent<br>3. This data structure contains only leaves of type `${Provenance} with ${Hash}, X.509 certificate ${Certificate} containing ${OIDCIdentity}, signature over ${Subject}` |
| Statement<sup>LOG_Rekor</sup> | Log Checkpoint |
| Claimant<sup>LOG_Rekor</sup> | Log Operator |
| Believer<sup>LOG_Rekor</sup> | • Software Installer<br>• ${OIDCIDOwner}/Artifact Builder |
| Verifier<sup>LOG_Rekor</sup> | • Witness: This data structure is append-only from any previous version<br>• Witness Quorum: This data structure is globally consistent<br>• ${OIDCIDOwner}/Artifact Builder: This data structure contains only leaves of type `${Provenance} with ${Hash}, X.509 certificate ${Certificate} containing ${OIDCIdentity}, signature over ${Subject}` |
| Arbiter<sup>LOG_Rekor</sup> | Community, identity-artifact mapping |
--------------------------------------------------------------------------------
/docs/claimantmodel/rekor/provenance/full.yaml:
--------------------------------------------------------------------------------
Domain:
  System: Rekor
  Claimant: ${OIDCIDOwner}
  Statement: ${Provenance} with ${Hash}, X.509 certificate ${Certificate} containing
    ${OIDCIdentity}, signature over ${Subject}
  Believer: Software Installer
  Claim:
    Claim: ${OIDCIdentity} signs ${Provenance} containing ${Subject}, using the key
      bound by ${Certificate}
    Verifier: ${OIDCIDOwner}/Artifact Builder
  Arbiter: Community, identity-artifact mapping
Log:
  System: LOG_Rekor
  Claimant: Log Operator
  Statement: Log Checkpoint
  Believers:
  - Software Installer
  - ${OIDCIDOwner}/Artifact Builder
  Claims:
  - Claim: This data structure is append-only from any previous version
    Verifier: Witness
  - Claim: This data structure is globally consistent
    Verifier: Witness Quorum
  - Claim: This data structure contains only leaves of type `${Provenance} with ${Hash},
      X.509 certificate ${Certificate} containing ${OIDCIdentity}, signature over
      ${Subject}`
    Verifier: ${OIDCIDOwner}/Artifact Builder
  Arbiter: 'Community, identity-artifact mapping'

--------------------------------------------------------------------------------
/docs/claimantmodel/rekor/provenance/logsequence.md:
--------------------------------------------------------------------------------
```mermaid
sequenceDiagram
    actor ${OIDCIDOwner}
    actor ${OIDCIDOwner}/Artifact Builder
    actor Log Operator
    actor Software Installer
    actor Witness
    actor Witness Quorum
    ${OIDCIDOwner}->>Log Operator: Add new ${Provenance} with ${Hash}, X.509 certificate ${Certificate} containing ${OIDCIdentity}, signature over ${Subject}
    Log Operator->>Log Operator: Integrate ${Provenance} with ${Hash}, X.509 certificate ${Certificate} containing ${OIDCIdentity}, signature over ${Subject}s and issue Log Checkpoint
    Log Operator->>${OIDCIDOwner}: Log Checkpoint and inclusion proof
    ${OIDCIDOwner}->>Software Installer: ${Provenance} with ${Hash}, X.509 certificate ${Certificate} containing ${OIDCIdentity}, signature over ${Subject} with proof bundle
    Software Installer->>Software Installer: Verify bundle and install software
    loop Periodic append-only Verification
        Witness->>Log Operator: Fetch merkle data
        Witness->>Witness: Verify append-only
    end
    loop Periodic ${Provenance} with ${Hash}, X.509 certificate ${Certificate} containing ${OIDCIdentity}, signature over ${Subject} Verification
        ${OIDCIDOwner}/Artifact Builder->>Log Operator: Get all entries
        ${OIDCIDOwner}/Artifact Builder->>${OIDCIDOwner}/Artifact Builder: Verify: ${OIDCIdentity} signs ${Provenance} containing ${Subject}, using the key bound by ${Certificate}
    end
```

--------------------------------------------------------------------------------
/docs/claimantmodel/rekor/provenance/model.md:
--------------------------------------------------------------------------------
| Field | Value |
|---|---|
| Claim<sup>Rekor</sup> | ${OIDCIdentity} signs ${Provenance} containing ${Subject}, using the key bound by ${Certificate} |
| Statement<sup>Rekor</sup> | ${Provenance} with ${Hash}, X.509 certificate ${Certificate} containing ${OIDCIdentity}, signature over ${Subject} |
| Claimant<sup>Rekor</sup> | ${OIDCIDOwner} |
| Believer<sup>Rekor</sup> | Software Installer |
| Verifier<sup>Rekor</sup> | ${OIDCIDOwner}/Artifact Builder: ${OIDCIdentity} signs ${Provenance} containing ${Subject}, using the key bound by ${Certificate} |
| Arbiter<sup>Rekor</sup> | Community, identity-artifact mapping |
--------------------------------------------------------------------------------
/docs/claimantmodel/rekor/provenance/model.yaml:
--------------------------------------------------------------------------------
System: "Rekor"
Claim:
  Claim: "${OIDCIdentity} signs ${Provenance} containing ${Subject}, using the key bound by ${Certificate}"
  Verifier: "${OIDCIDOwner}/Artifact Builder"
Statement: "${Provenance} with ${Hash}, X.509 certificate ${Certificate} containing ${OIDCIdentity}, signature over ${Subject}"
Claimant: "${OIDCIDOwner}"
Believer: "Software Installer"
Arbiter: "Community, identity-artifact mapping"

--------------------------------------------------------------------------------
/docs/claimantmodel/rekor/timestamping/README.md:
--------------------------------------------------------------------------------
# Claim for timestamping in Rekor

The claim for timestamping in Rekor is a work in progress, as uploading signed timestamps is not yet supported in Rekor.

This claim has some unexpected properties:

* The claim and statement reference the claim for identity-based signatures. The claim can be expanded to
  `${OIDCIdentity} signs ${Hash} using the key bound by ${Certificate}, valid with respect to ${Timestamp} whose signature is over ${Signature}`, and the statement `${Hash}, X.509 certificate containing ${OIDCIdentity}, signed ${Timestamp}, and ${Signature} over ${Hash}`.
* There is no Verifier, because no entity can verify the veracity of a timestamping claim. Anyone can generate a timestamp with a signing event. Note that there could be a Verifier for the Claimant Model for a Timestamp Authority, but that is out of scope for this claim.
* The generated flow chart may not make sense because of the lack of a Verifier.

--------------------------------------------------------------------------------
/docs/claimantmodel/rekor/timestamping/full.md:
--------------------------------------------------------------------------------
| Field | Value |
|---|---|
| Claim<sup>Rekor</sup> | ClaimRekorIdentity occurs at ${Timestamp} |
| Statement<sup>Rekor</sup> | Signed ${Timestamp} over StatementRekorIdentity |
| Claimant<sup>Rekor</sup> | ${TSA} |
| Believer<sup>Rekor</sup> | Software Installer |
| Verifier<sup>Rekor</sup> | None |
| Arbiter<sup>Rekor</sup> | Community |

| Field | Value |
|---|---|
| Claim<sup>LOG_Rekor</sup> | 1. This data structure is append-only from any previous version<br>2. This data structure is globally consistent<br>3. This data structure contains only leaves of type `Signed ${Timestamp} over StatementRekorIdentity` |
| Statement<sup>LOG_Rekor</sup> | Log Checkpoint |
| Claimant<sup>LOG_Rekor</sup> | Log Operator |
| Believer<sup>LOG_Rekor</sup> | • Software Installer |
| Verifier<sup>LOG_Rekor</sup> | • Witness: This data structure is append-only from any previous version<br>• Witness Quorum: This data structure is globally consistent |
| Arbiter<sup>LOG_Rekor</sup> | Community |
--------------------------------------------------------------------------------
/docs/claimantmodel/rekor/timestamping/full.yaml:
--------------------------------------------------------------------------------
Domain:
  System: Rekor
  Claimant: ${TSA}
  Statement: Signed ${Timestamp} over StatementRekorIdentity
  Believer: Software Installer
  Claim:
    Claim: ClaimRekorIdentity occurs at ${Timestamp}
    Verifier: None
  Arbiter: Community
Log:
  System: LOG_Rekor
  Claimant: Log Operator
  Statement: Log Checkpoint
  Believers:
  - Software Installer
  - None
  Claims:
  - Claim: This data structure is append-only from any previous version
    Verifier: Witness
  - Claim: This data structure is globally consistent
    Verifier: Witness Quorum
  - Claim: This data structure contains only leaves of type `Signed ${Timestamp} over
      StatementRekorIdentity`
    Verifier: None
  Arbiter: Community

--------------------------------------------------------------------------------
/docs/claimantmodel/rekor/timestamping/logsequence.md:
--------------------------------------------------------------------------------
```mermaid
sequenceDiagram
    actor ${TSA}
    actor Log Operator
    actor Software Installer
    actor Witness
    actor Witness Quorum
    ${TSA}->>Log Operator: Add new Signed ${Timestamp} over StatementRekorIdentity
    Log Operator->>Log Operator: Integrate Signed ${Timestamp} over StatementRekorIdentitys and issue Log Checkpoint
    Log Operator->>${TSA}: Log Checkpoint and inclusion proof
    ${TSA}->>Software Installer: Signed ${Timestamp} over StatementRekorIdentity with proof bundle
    Software Installer->>Software Installer: Verify bundle and install software
    loop Periodic append-only Verification
        Witness->>Log Operator: Fetch merkle data
        Witness->>Witness: Verify append-only
    end
```

--------------------------------------------------------------------------------
/docs/claimantmodel/rekor/timestamping/model.md:
--------------------------------------------------------------------------------
| Field | Value |
|---|---|
| Claim<sup>Rekor</sup> | ClaimRekorIdentity occurs at ${Timestamp} |
| Statement<sup>Rekor</sup> | Signed ${Timestamp} over StatementRekorIdentity |
| Claimant<sup>Rekor</sup> | ${TSA} |
| Believer<sup>Rekor</sup> | Software Installer |
| Verifier<sup>Rekor</sup> | None |
| Arbiter<sup>Rekor</sup> | Community |
--------------------------------------------------------------------------------
/docs/claimantmodel/rekor/timestamping/model.yaml:
--------------------------------------------------------------------------------
System: "Rekor"
Claim:
  Claim: "ClaimRekorIdentity occurs at ${Timestamp}"
  Verifier: "None"
Statement: "Signed ${Timestamp} over StatementRekorIdentity"
Claimant: "${TSA}"
Believer: "Software Installer"
Arbiter: "Community"

--------------------------------------------------------------------------------
/docs/claimantmodel/tsa/full.md:
--------------------------------------------------------------------------------
| Field | Value |
|---|---|
| Claim<sup>TSA</sup> | ${TimestampAuthority} claims a monotonically increasing ${Time} |
| Statement<sup>TSA</sup> | Signed timestamp containing ${Time} |
| Claimant<sup>TSA</sup> | ${TimestampAuthority} |
| Believer<sup>TSA</sup> | Software Installer, entity consuming short-lived code-signing certificate |
| Verifier<sup>TSA</sup> | ${TimestampMonotonicVerifier}: ${TimestampAuthority} claims a monotonically increasing ${Time} |
| Arbiter<sup>TSA</sup> | Community |

| Field | Value |
|---|---|
| Claim<sup>LOG_TSA</sup> | 1. This data structure is append-only from any previous version<br>2. This data structure is globally consistent<br>3. This data structure contains only leaves of type `Signed timestamp containing ${Time}` |
| Statement<sup>LOG_TSA</sup> | Log Checkpoint |
| Claimant<sup>LOG_TSA</sup> | Log Operator |
| Believer<sup>LOG_TSA</sup> | • Software Installer, entity consuming short-lived code-signing certificate<br>• ${TimestampMonotonicVerifier} |
| Verifier<sup>LOG_TSA</sup> | • Witness: This data structure is append-only from any previous version<br>• Witness Quorum: This data structure is globally consistent<br>• ${TimestampMonotonicVerifier}: This data structure contains only leaves of type `Signed timestamp containing ${Time}` |
| Arbiter<sup>LOG_TSA</sup> | Community |
--------------------------------------------------------------------------------
/docs/claimantmodel/tsa/full.yaml:
--------------------------------------------------------------------------------
Domain:
  System: TSA
  Claimant: ${TimestampAuthority}
  Statement: Signed timestamp containing ${Time}
  Believer: Software Installer, entity consuming short-lived code-signing certificate
  Claim:
    Claim: ${TimestampAuthority} claims a monotonically increasing ${Time}
    Verifier: ${TimestampMonotonicVerifier}
  Arbiter: Community
Log:
  System: LOG_TSA
  Claimant: Log Operator
  Statement: Log Checkpoint
  Believers:
  - Software Installer, entity consuming short-lived code-signing certificate
  - ${TimestampMonotonicVerifier}
  Claims:
  - Claim: This data structure is append-only from any previous version
    Verifier: Witness
  - Claim: This data structure is globally consistent
    Verifier: Witness Quorum
  - Claim: This data structure contains only leaves of type `Signed timestamp containing
      ${Time}`
    Verifier: ${TimestampMonotonicVerifier}
  Arbiter: Community

--------------------------------------------------------------------------------
/docs/claimantmodel/tsa/logsequence.md:
--------------------------------------------------------------------------------
```mermaid
sequenceDiagram
    actor ${TimestampAuthority}
    actor ${TimestampMonotonicVerifier}
    actor Log Operator
    actor Software Installer, entity consuming short-lived code-signing certificate
    actor Witness
    actor Witness Quorum
    ${TimestampAuthority}->>Log Operator: Add new Signed timestamp containing ${Time}
    Log Operator->>Log Operator: Integrate Signed timestamp containing ${Time}s and issue Log Checkpoint
    Log Operator->>${TimestampAuthority}: Log Checkpoint and inclusion proof
    ${TimestampAuthority}->>Software Installer, entity consuming short-lived code-signing certificate: Signed timestamp containing ${Time} with proof bundle
    Software Installer, entity consuming short-lived code-signing certificate->>Software Installer, entity consuming short-lived code-signing certificate: Verify bundle and install software
    loop Periodic append-only Verification
        Witness->>Log Operator: Fetch merkle data
        Witness->>Witness: Verify append-only
    end
    loop Periodic Signed timestamp containing ${Time} Verification
        ${TimestampMonotonicVerifier}->>Log Operator: Get all entries
        ${TimestampMonotonicVerifier}->>${TimestampMonotonicVerifier}: Verify: ${TimestampAuthority} claims a monotonically increasing ${Time}
    end
```

--------------------------------------------------------------------------------
/docs/claimantmodel/tsa/model.md:
--------------------------------------------------------------------------------
- **Claim<sup>TSA</sup>**: ${TimestampAuthority} claims a monotonically increasing ${Time}
- **Statement<sup>TSA</sup>**: Signed timestamp containing ${Time}
- **Claimant<sup>TSA</sup>**: ${TimestampAuthority}
- **Believer<sup>TSA</sup>**: Software Installer, entity consuming short-lived code-signing certificate
- **Verifier<sup>TSA</sup>**: ${TimestampMonotonicVerifier}: ${TimestampAuthority} claims a monotonically increasing ${Time}
- **Arbiter<sup>TSA</sup>**: Community
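The two periodic checks in the TSA claimant model (the Witness verifying append-only, and the `${TimestampMonotonicVerifier}` reading all entries) can be sketched as follows. This is an added example, not code from the Sigstore project: the function names, the JSON leaf layout and the RFC 6962-style hashing are assumptions, equal timestamps are treated as acceptable, and signature verification of each timestamp and checkpoint is left out.

```python
import hashlib
import json


def merkle_root(leaves):
    """Merkle Tree Hash as in RFC 6962 (assumed; the page names no hash scheme)."""
    n = len(leaves)
    if n == 0:
        return hashlib.sha256(b"").digest()
    if n == 1:
        return hashlib.sha256(b"\x00" + leaves[0]).digest()
    k = 1
    while k * 2 < n:  # largest power of two strictly below n
        k *= 2
    left, right = merkle_root(leaves[:k]), merkle_root(leaves[k:])
    return hashlib.sha256(b"\x01" + left + right).digest()


def checkpoint(leaves):
    """Hypothetical unsigned Log Checkpoint: (tree size, root hash)."""
    return len(leaves), merkle_root(leaves)


def witness_append_only(old_cp, new_cp, leaves):
    """Witness: the new checkpoint must extend the old one without rewriting it."""
    (old_size, old_root), (new_size, new_root) = old_cp, new_cp
    if new_size < old_size or len(leaves) != new_size:
        return False
    return merkle_root(leaves[:old_size]) == old_root and merkle_root(leaves) == new_root


def monotonic_violations(leaves):
    """TimestampMonotonicVerifier: indices of leaves that are not timestamp
    statements or whose time is earlier than the last valid one."""
    bad, last = [], None
    for i, raw in enumerate(leaves):
        try:
            t = json.loads(raw)["time"]
        except (ValueError, KeyError, TypeError):
            bad.append(i)  # leaf is not of the expected statement type
            continue
        if type(t) is not int or (last is not None and t < last):
            bad.append(i)  # wrong type, or time moved backwards
            continue
        last = t
    return bad


def entry(t):
    """Constructed sample leaf; real leaves would be signed timestamps."""
    return json.dumps({"tsa": "example-tsa", "time": t}).encode()


# Constructed sample logs: honest growth, a backdated append, a rewritten leaf.
HONEST = [entry(t) for t in (1700000000, 1700000005, 1700000005, 1700000042)]
BACKDATED = HONEST + [entry(1700000010)]
REWRITTEN = [entry(1699999999)] + HONEST[1:]

if __name__ == "__main__":
    old = checkpoint(HONEST[:2])
    print("honest growth   :", witness_append_only(old, checkpoint(HONEST), HONEST))
    print("rewritten leaf 0:", witness_append_only(old, checkpoint(REWRITTEN), REWRITTEN))
    print("backdated append:", witness_append_only(old, checkpoint(BACKDATED), BACKDATED),
          monotonic_violations(BACKDATED))
```

The backdated append passes the Witness check yet is flagged by the monotonic check, which is why the model assigns the two claims to separate verifiers.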
--------------------------------------------------------------------------------
/docs/claimantmodel/tsa/model.yaml:
--------------------------------------------------------------------------------
System: "TSA"
Claim:
  Claim: "${TimestampAuthority} claims a monotonically increasing ${Time}"
  Verifier: "${TimestampMonotonicVerifier}"
Statement: "Signed timestamp containing ${Time}"
Claimant: "${TimestampAuthority}"
Believer: "Software Installer, entity consuming short-lived code-signing certificate"
Arbiter: "Community"

--------------------------------------------------------------------------------
/docs/images/fork.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/docs/images/fork.png

--------------------------------------------------------------------------------
/docs/images/opensec.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/docs/images/opensec.png

--------------------------------------------------------------------------------
/docs/images/publish.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/docs/images/publish.png

--------------------------------------------------------------------------------
/docs/research/sigstore_discovery–recommendations.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/docs/research/sigstore_discovery–recommendations.pdf

--------------------------------------------------------------------------------
/docs/research/sigstore_discovery–research_insights.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/docs/research/sigstore_discovery–research_insights.pdf

--------------------------------------------------------------------------------
/docs/zero-trust-supply-chains.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/docs/zero-trust-supply-chains.pdf

--------------------------------------------------------------------------------
/github-sync/Pulumi.github-prod.yaml:
--------------------------------------------------------------------------------
config:
  github:owner: sigstore
  github:token:
    secure: AAABAJZVtS8TvgsxPNSBgnSndniYePBUe6OPdHvm+8fZGdCdg2RIBG9WS2DcR9hnOsoj1wXrRt7Ekh//HHcc//QI/oFSjjQc
  sigstore-github-sync:github-data-directory: "github-data/sigstore"

--------------------------------------------------------------------------------
/github-sync/Pulumi.github-sigstore-conformance.yaml:
--------------------------------------------------------------------------------
config:
  github:owner: sigstore-conformance
  github:token:
    secure: AAABAANYWFWCT37yuNY6LLi/7py8HRXu1YM5AIAV+plb9V3vUqeKG5skGN/6uLg2DRq78+bgYBowPsFIZgbAnNsy+isVkLr5
  sigstore-github-sync:github-data-directory: "github-data/sigstore-conformance"

--------------------------------------------------------------------------------
/github-sync/Pulumi.yaml:
--------------------------------------------------------------------------------
name: sigstore-github-sync
runtime: go
description: Sync GitHub users, collaborators and repositories for an organization

--------------------------------------------------------------------------------
/github-sync/github-data/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/github-sync/github-data/.gitkeep

--------------------------------------------------------------------------------
/github-sync/github-data/sigstore-conformance/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/github-sync/github-data/sigstore-conformance/.gitkeep

--------------------------------------------------------------------------------
/github-sync/github-data/sigstore-conformance/bots.yaml:
--------------------------------------------------------------------------------
users:

--------------------------------------------------------------------------------
/github-sync/github-data/sigstore-conformance/repositories.yaml:
--------------------------------------------------------------------------------
repositories:
  - name: .github
    owner: sigstore-conformance
    description: Default community health files for the sigstore-conformance organization.
    homepageUrl: ""
    defaultBranch: main
    allowAutoMerge: false
    allowMergeCommit: true
    allowRebaseMerge: true
    allowSquashMerge: true
    archived: false
    autoInit: false
    deleteBranchOnMerge: true
    hasDownloads: true
    hasIssues: true
    hasProjects: true
    hasWiki: true
    vulnerabilityAlerts: true
    visibility: public
    licenseTemplate: ""
    topics: []
    collaborators:
      - username: woodruffw
        permission: maintain
    branchesProtection:
      - pattern: main
        enforceAdmins: true
        allowsDeletions: false
        allowsForcePushes: false
        dismissStaleReviews: true
        requireLastPushApproval: true
        requiredApprovingReviewCount: 1
  - name: extremely-dangerous-public-oidc-beacon
    owner: sigstore-conformance
    description: ""
    homepageUrl: ""
    defaultBranch: main
    allowAutoMerge: false
    allowMergeCommit: true
    allowRebaseMerge: true
    allowSquashMerge: true
    archived: false
    autoInit: false
    deleteBranchOnMerge: true
    hasDownloads: true
    hasIssues: true
    hasProjects: true
    hasWiki: true
    vulnerabilityAlerts: true
    visibility: public
    licenseTemplate: ""
    topics: []
    collaborators:
      - username: woodruffw
        permission: maintain
      - username: jku
        permission: maintain
    teams: []
    branchesProtection:
      - pattern: main
        enforceAdmins: true
        allowsDeletions: false
        allowsForcePushes: false
        requiredLinearHistory: true
        dismissStaleReviews: true
        requiredApprovingReviewCount: 1
        requireCodeOwnerReviews: true
        restrictDismissals: true
        requireLastPushApproval: true

--------------------------------------------------------------------------------
/github-sync/github-data/sigstore-conformance/teams.yaml:
--------------------------------------------------------------------------------
teams:

--------------------------------------------------------------------------------
/github-sync/github-data/sigstore-conformance/users.yaml:
--------------------------------------------------------------------------------
users:
  - username: bobcallaway
    role: admin
    teams: []
  - username: cpanato
    role: admin
    teams: []
  - username: trevrosen
    role: admin
    teams: []
  - username: SantiagoTorres
    role: admin
    teams: []
  - username: priyawadhwa
    role: admin
    teams: []

--------------------------------------------------------------------------------
/github-sync/github-data/sigstore/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/github-sync/github-data/sigstore/.gitkeep

--------------------------------------------------------------------------------
/github-sync/github-data/sigstore/bots.yaml:
--------------------------------------------------------------------------------
users:
  - username: sigstore-bot
    role: member
    teams: []

--------------------------------------------------------------------------------
/github-sync/github-data/sigstore/teams.yaml:
--------------------------------------------------------------------------------
teams:
  - name: Core Team
    privacy: closed
    description: tsc
  - name: architecture-doc-team
    privacy: closed
    description: ""
  - name: codeowners-k8s-manifest-sigstore
    privacy: closed
    description: Team for codeowners of k8s-manifest-sigstore
  - name: codeowners-maven-sigstore
    privacy: closed
    description: ""
  - name: codeowners-ruby-sigstore
    privacy: closed
    description: ""
  - name: sigstore-blog-maintainers
    privacy: closed
    description: sigstore-blog maintainers
  - name: codeowners-sigstore-js
    privacy: closed
    description: sigstore-js maintainers
  - name: codeowners-rekor-search-ui
    privacy: closed
    description: rekor-search-ui maintainers
  - name: codeowners-sigstore-python
    privacy: closed
    description: sigstore-python maintainers
  - name: codeowners-sigstore-website
    privacy: closed
    description: codeowners for sigstores website
  - name: community-codeowners
    privacy: closed
    description: Team for codeowners for community configuration
  - name: cosign-codeowners
    privacy: closed
    description: ""
  - name: cosign-installer-codeowners
    privacy: closed
    description: ""
  - name: dep-maintainers
    privacy: closed
    description: Team for maintainers across repos who manage dependency updates
  - name: fulcio-codeowners
    privacy: closed
    description: ""
  - name: gitsign-codeowners
    privacy: closed
    description: ""
  - name: helm
    privacy: closed
    description: Team for Helm charts for Sigstore infrastructure
  - name: helm-sigstore-codeowners
    privacy: closed
    description: Team for helm-sigstore plugin
  - name: maven-plugin-codeowners
    privacy: closed
    description: ""
  - name: model-transparency-codeowners
    privacy: closed
    description: "Code owners for ML model transparency"
  - name: model-transparency
    privacy: closed
    description: "Write access for ML model transparency"
  - name: policy-controller-codeowners
    privacy: closed
    description: Codeowners for sigstore/policy-controller
  - name: protobuf-specs-codeowners
    privacy: closed
    description: "Code owners for protobuf specifications"
  - name: public-good-instance-team
    privacy: secret
    description: those with access to configuration of the public good service
  - name: rekor-codeowners
    privacy: closed
    description: ""
  - name: rekor-monitor-codeowners
    privacy: closed
    description: ""
  - name: rekor-tiles-codeowners
    privacy: closed
    description: ""
  - name: rekor-tiles-reviewers
    privacy: closed
    description: ""
  - name: scaffolding-codeowners
    privacy: closed
    description: maintainers on sigstore/scaffolding
  - name: security-response-team
    privacy: closed
    description: ""
  - name: sigstore-sig-clients
    privacy: closed
    description: "Home of the SIG for client libraries and CLIs"
  - name: sigstore-sig-public-good-operations
    privacy: closed
    description: "Home of the SIG for public good operations"
  - name: sigstore-codeowners
    privacy: closed
    description: 'Note: this is for the sigstore repo, not for the entire organization'
  - name: sigstore-go-codeowners
    privacy: closed
    description: "Codeowners for sigstore/sigstore-go"
  - name: sigstore-java-codeowners
    privacy: closed
    description: ""
  - name: sigstore-keyholders
    privacy: closed
    description: Current Keyholders for the Root Keys!
  - name: sigstore-oncall
    privacy: closed
    description: "sigstore oncall team"
  - name: sigstore-release-team
    privacy: closed
    description: ""
  - name: sigstore-rs-codeowners
    privacy: closed
    description: 'sigstore rust library '
  - name: timestamp-codeowners
    privacy: closed
    description: ""
  - name: triage
    privacy: closed
    description: ""
  - name: tuf-root-signing-codeowners
    privacy: closed
    description: ""
  - name: tuf-root-signing-staging-codeowners
    privacy: closed
    description: ""
  - name: sigstore-conformance-codeowners
    privacy: closed
    description: "Codeowners for sigstore/sigstore-conformance"

--------------------------------------------------------------------------------
/images/sigstore_layers.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sigstore/community/ac4d2fc318468cdc75fca9ad7beb93e67941c74c/images/sigstore_layers.png

--------------------------------------------------------------------------------
/proposals/community-organization.md:
--------------------------------------------------------------------------------
# Light-touch project management for `sigstore` on GitHub

`sigstore` and its associated projects are developed and hosted primarily on GitHub, and, as such, make use of GitHub's tools for project management: particularly, issues and pull requests.

As a nascent cross-organizational effort, `sigstore` does not currently enforce much, if any, process around work items -- indeed, such structure may introduce unnecessary overhead at a time when it's not really needed. Of course, as the project scales and more people get involved, such organization will rapidly prove needed. With the project going public and the inauguration of community meetings providing a central place for contributors to discuss things, now seems like a good time to propose a plan for light-touch developer processes compatible with a loosely-organized team. This document will attempt to outline that plan, in addition to proposing the use of some select automation tools to further aid productivity.

The stated proposals assume that the project will continue to live primarily on GitHub, using GitHub issues to outline work items and pull requests to deliberate on and approve completed work.

## Kanban board(s)

The sole direct process change of this proposal will be the creation and regular use of a basic kanban board to track work.

At the very least, it should contain a "Triage" column, where new issues and PRs automatically land (with the help of some automation, detailed below). This would allow core developers to observe, in a single glance, any new items that may need their attention. Once looked at or otherwise addressed, the issue or PR should be moved to another column on the board, perhaps an "In Progress" column. (The exact structure of the rest of the board can vary depending on developer needs.) If desired, the Triage column could be assessed during community meetings.

### How many boards?

Using one board would centralize all new issues and PRs from all `sigstore` member projects in one place. An alternative to this structure would be separate boards for each sub-focus or sub-project; for example, all new `sigstore/rekor` issues could land on a Rekor board, while `sigstore/fulcio` issues could land on a Fulcio board. This proposal does not specifically dictate one approach or another.

## Project automation tools

Working in tandem with the proposed project boards would be up to several project automation tools from [`actions-automation`](https://github.com/actions-automation) (disclosure: written and maintained by the author of this proposal).

These tools are designed to be light-touch, enriching GitHub's issues and pull requests to be more useful without any additional feature cruft on top. They are also all written as straightforward GitHub Actions, meaning they do not rely on any external infrastructure to work (only GitHub's own Actions infrastructure). They have been deployed on several other projects on GitHub (including [Enarx](https://github.com/enarx) and [Keylime](https://github.com/keylime)) with positive results.

Setup would require:

- the creation of a dedicated "bot" account given "Contributor" (_not_ write) access to participating `sigstore` repos;
- the provisioning of a restricted-scope (`public_repo`, `org:read`, and `org:write`) personal access token from that bot account, available via GitHub's "secrets" architecture.

There are three actions to consider; how many of them get used is ultimately up to the discretion of the community, though the creation of the kanban board hinges on the `triage` action.

### [`triage`](https://github.com/actions-automation/triage)

A straightforward action that adds all newly-opened (or reopened) issues and pull requests on a given repo to a specified org-wide board, such as the kanban board proposed above.

### [`pull-request-responsibility`](https://github.com/actions-automation/pull-request-responsibility)

A set of several actions that push PRs towards completion faster -- namely:

- Automatically request a random set of PR reviewers from a specified GitHub team and suggested reviewers, accounting for reviewer availability.
- Automatically adjust assignees on a pull request such that the current assignees are the ones that must take action to move the pull request forward.

A full list of actions and what they do is available [here](https://github.com/actions-automation/pull-request-responsibility#supported-actions).

This action in particular is very helpful in ensuring PRs don't get "lost" or otherwise abandoned by reviewers.

### [`manage-your-labels`](https://github.com/actions-automation/manage-your-labels)

An action that allows for robust label mirroring and management across an entire organization's repositories. This effectively stores the set of labels available to organization repos in a config file -- which has the side benefit of allowing changes to labels via PR.

--------------------------------------------------------------------------------