Affected by GO-2023-1804 and 2 other vulnerabilities

GO-2023-1804: Kyverno vulnerable due to usage of insecure cipher in github.com/kyverno/kyverno

GO-2023-1819: Kyverno resource with a deletionTimestamp may allow policy circumvention in github.com/kyverno/kyverno

GO-2023-2340: Attacker can cause Kyverno user to unintentionally consume insecure image in github.com/kyverno/kyverno

cosign

package

v1.7.0-rc1 Latest Latest Go to latest Published: May 12, 2022 License: Apache-2.0 Imports: 32 Imported by: 2

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/kyverno/kyverno

Documentation ¶

Index ¶

Variables
func ClearMock()
func FetchAttestations(imageRef string, imageVerify v1.ImageVerification) ([]map[string]interface{}, error)
func Init() error
func SetMock(image string, data [][]byte) error
func VerifySignature(opts Options) (digest string, err error)
type Cosign
type Options

Constants ¶

This section is empty.

Variables ¶

View Source

var ImageSignatureRepository string

ImageSignatureRepository is an alternate signature repository

Functions ¶

func ClearMock ¶ added in v1.7.0

func ClearMock()

func FetchAttestations ¶ added in v1.5.0

func FetchAttestations(imageRef string, imageVerify v1.ImageVerification) ([]map[string]interface{}, error)

FetchAttestations retrieves signed attestations and decodes them into in-toto statements https://github.com/in-toto/attestation/blob/main/spec/README.md#statement

func Init ¶ added in v1.7.0

func Init() error

func SetMock ¶ added in v1.5.0

func SetMock(image string, data [][]byte) error

func VerifySignature ¶ added in v1.5.0

func VerifySignature(opts Options) (digest string, err error)

VerifySignature verifies that the image has the expected signatures

Types ¶

type Cosign ¶ added in v1.5.0

type Cosign interface {
	VerifyImageSignatures(ctx context.Context, signedImgRef name.Reference, co *cosign.CheckOpts) ([]oci.Signature, bool, error)

	VerifyImageAttestations(ctx context.Context, signedImgRef name.Reference, co *cosign.CheckOpts) (checkedAttestations []oci.Signature, bundleVerified bool, err error)
}

type Options ¶ added in v1.6.0

type Options struct {
	ImageRef             string
	Key                  string
	Cert                 string
	CertChain            string
	Roots                string
	Subject              string
	Issuer               string
	AdditionalExtensions map[string]string
	Annotations          map[string]string
	Repository           string
	RekorURL             string
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL