sigstore framework

sigstore/sigstore contains common Sigstore code: that is, code shared by infrastructure (e.g., Fulcio and Rekor) and Go language clients (e.g., Cosign and Gitsign).

This library currently provides:

A signing interface (support for ecdsa, ed25519, rsa, DSSE (in-toto))
OpenID Connect fulcio client code

The following KMS systems are available:

AWS Key Management Service
Azure Key Vault
HashiCorp Vault
Google Cloud Platform Key Management Service

For example code, look at the relevant test code for each main code file.

Fuzzing

The fuzzing tests are within https://github.com/sigstore/sigstore/tree/main/test/fuzz

Security

Should you discover any security issues, please refer to sigstores security process

For container signing, you want cosign

Name	Name	Last commit message	Last commit date
Latest commit History 1,814 Commits 1,814 Commits
.github	.github
docs	docs
hack/tools	hack/tools
pkg	pkg
test	test
.gitattributes	.gitattributes
.gitignore	.gitignore
.golangci.yml	.golangci.yml
CODEOWNERS	CODEOWNERS
CODE_OF_CONDUCT.md	CODE_OF_CONDUCT.md
COPYRIGHT.txt	COPYRIGHT.txt
LICENSE	LICENSE
Makefile	Makefile
POLICY.md	POLICY.md
README.md	README.md
codecov.yml	codecov.yml
go.mod	go.mod
go.sum	go.sum

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

sigstore framework

Fuzzing

Security

About

Uh oh!

Releases

Packages

Uh oh!

Contributors

Uh oh!

Languages

Search code, repositories, users, issues, pull requests...

Folders and files

Latest commit

History

Repository files navigation

sigstore framework

Fuzzing

Security

About

Resources

License

Code of conduct

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors

Uh oh!

Languages

Packages