sigstore / sigstore

Common Go library shared across sigstore services and clients

Home Page: https://sigstore.dev

sigstore framework

sigstore/sigstore contains common Sigstore code: that is, code shared by infrastructure (e.g., Fulcio and Rekor) and Go language clients (e.g., Cosign and Gitsign).

This library currently provides:

  • A signing interface (support for ECDSA, Ed25519, RSA, DSSE (in-toto))
  • OpenID Connect Fulcio client code

The following KMS systems are available:

  • AWS Key Management Service
  • Azure Key Vault
  • HashiCorp Vault
  • Google Cloud Platform Key Management Service

For example code, look at the relevant test code for each main code file.

Fuzzing

The fuzzing tests are within https://github.com/sigstore/sigstore/tree/main/test/fuzz

Security

Should you discover any security issues, please refer to Sigstore's security process.

For container signing, you want Cosign.

License: Apache License 2.0


Languages

  • Go 98.8%
  • Makefile 0.5%
  • Dockerfile 0.4%
  • Shell 0.3%