sigstore

module
v1.0.4 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 15, 2023 License: Apache-2.0

README

sigstore framework

Fuzzing Status CII Best Practices

sigstore/sigstore contains common Sigstore code: that is, code shared by infrastructure (e.g., Fulcio and Rekor) and Go language clients (e.g., Cosign and Gitsign).

This library currently provides:

  • A signing interface (support for ecdsa, ed25519, rsa, DSSE (in-toto))
  • OpenID Connect fulcio client code

The following KMS systems are available:

  • AWS Key Management Service
  • Azure Key Vault
  • HashiCorp Vault
  • Google Cloud Platform Key Management Service

For example code, look at the relevant test code for each main code file.

Fuzzing

The fuzzing tests are within https://github.com/sigstore/sigstore/tree/main/test/fuzz

Security

Should you discover any security issues, please refer to sigstores security process

For container signing, you want cosign

Directories

Path Synopsis
pkg
cryptoutils
Package cryptoutils implements support for working with encoded certificates, public keys, and private keys
Package cryptoutils implements support for working with encoded certificates, public keys, and private keys
fulcioroots
Package fulcioroots assists with extracting trust root information for Fulcio
Package fulcioroots assists with extracting trust root information for Fulcio
oauth
Package oauth contains types and utilities related to OAuth2.
Package oauth contains types and utilities related to OAuth2.
oauth/internal
Package internal contains utilities for parsing OAuth2 tokens
Package internal contains utilities for parsing OAuth2 tokens
oauth/oidc
Package oidc contains utilities related to OIDC tokens.
Package oidc contains utilities related to OIDC tokens.
oauthflow
Package oauthflow implements OAuth/OIDC support for device and token flows
Package oauthflow implements OAuth/OIDC support for device and token flows
signature
Package signature contains types and utilities related to Sigstore signatures.
Package signature contains types and utilities related to Sigstore signatures.
signature/dsse
Package dsse includes wrappers to support DSSE
Package dsse includes wrappers to support DSSE
signature/kms
Package kms contains utilities related to third-party KMS providers.
Package kms contains utilities related to third-party KMS providers.
signature/kms/fake
Package fake contains utilities to help test KMS providers.
Package fake contains utilities to help test KMS providers.
signature/options
Package options defines options for KMS clients
Package options defines options for KMS clients
signature/payload
Package payload contains types and utilities related to the Cosign signature format.
Package payload contains types and utilities related to the Cosign signature format.
signature/ssh
Package ssh implements signing with SSH keys
Package ssh implements signing with SSH keys
signature/x509
crypto/x509 add sm2 support
crypto/x509 add sm2 support
tuf
Package test contains test utilities
Package test contains test utilities

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL