cosign

package
v1.6.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 17, 2022 License: Apache-2.0 Imports: 26 Imported by: 2

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var ImageSignatureRepository string

ImageSignatureRepository is an alternate signature repository

Functions

func FetchAttestations added in v1.5.0 

func FetchAttestations(imageRef string, imageVerify *v1.ImageVerification, log logr.Logger) ([]map[string]interface{}, error)

FetchAttestations retrieves signed attestations and decodes them into in-toto statements https://github.com/in-toto/attestation/blob/main/spec/README.md#statement

func SetMock added in v1.5.0 

func SetMock(image string, data [][]byte) error

func VerifySignature added in v1.5.0 

func VerifySignature(opts Options) (digest string, err error)

VerifySignature verifies that the image has the expected key

Types

type Cosign added in v1.5.0 

type Cosign interface {
	VerifyImageSignatures(ctx context.Context, signedImgRef name.Reference, co *cosign.CheckOpts) ([]oci.Signature, bool, error)

	VerifyImageAttestations(ctx context.Context, signedImgRef name.Reference, co *cosign.CheckOpts) (checkedAttestations []oci.Signature, bundleVerified bool, err error)
}

type Options added in v1.6.0 

type Options struct {
	ImageRef    string
	Key         string
	Roots       []byte
	Subject     string
	Issuer      string
	Annotations map[string]string
	Repository  string
	Log         logr.Logger
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.