Movatterモバイル変換

Skip to content

sigstore/sigstorePublic

NotificationsYou must be signed in to change notification settings
Fork127
Star474

Common go library shared across sigstore services and clients

License

Apache-2.0 license

474 stars 127 forks Branches Tags Activity

You must be signed in to change notification settings

Folders and files

Name		Name	Last commit message	Last commit date
Latest commit History 1,767 Commits
.github		.github
docs		docs
hack/tools		hack/tools
pkg		pkg
test		test
.gitattributes		.gitattributes
.gitignore		.gitignore
.golangci.yml		.golangci.yml
CODEOWNERS		CODEOWNERS
CODE_OF_CONDUCT.md		CODE_OF_CONDUCT.md
COPYRIGHT.txt		COPYRIGHT.txt
LICENSE		LICENSE
Makefile		Makefile
POLICY.md		POLICY.md
README.md		README.md
codecov.yml		codecov.yml
go.mod		go.mod
go.sum		go.sum

Repository files navigation

sigstore framework

sigstore/sigstore contains commonSigstore code: that is, code shared by infrastructure (e.g.,Fulcio andRekor) and Go language clients (e.g.,Cosign andGitsign).

This library currently provides:

A signing interface (support for ecdsa, ed25519, rsa, DSSE (in-toto))
OpenID Connect fulcio client code

The following KMS systems are available:

AWS Key Management Service
Azure Key Vault
HashiCorp Vault
Google Cloud Platform Key Management Service

For example code, look at the relevant test code for each main code file.

Fuzzing

The fuzzing tests are withinhttps://github.com/sigstore/sigstore/tree/main/test/fuzz

Security

Should you discover any security issues, please refer to sigstoressecurityprocess

For container signing, you wantcosign

About

Common go library shared across sigstore services and clients

Topics

go golang security supply-chain cosign sigstore

Resources

License

Apache-2.0 license

Code of conduct

Code of conduct

Security policy

Security policy

Custom properties

Stars

Watchers

Forks

Report repository

Releases47

Used by2.2k

Contributors73

+ 59 contributors

Languages

Go99.0%
Other1.0%

[8]ページ先頭

©2009-2025 Movatter.jp