Documentation
Overview
Package container provides the tools to verify a container artifact using sigstore.
Variables
var (
	// ErrProvenanceNotFoundOrIncomplete is returned when there's no provenance info (missing .sig or attestation) or
	// has incomplete data
	ErrProvenanceNotFoundOrIncomplete = errors.New("provenance not found or incomplete")

	// MaxAttestationsBytesLimit is the maximum number of bytes we're willing to read from the attestation endpoint
	// We'll limit this to 10mb for now
	MaxAttestationsBytesLimit int64 = 10 * 1024 * 1024
)
Functions
func BuildImageRef
BuildImageRef returns the OCI image reference
func Verify
func Verify(
	ctx context.Context,
	sev *verify.SignedEntityVerifier,
	owner, artifact, checksumref string,
	authOpts ...AuthMethod,
) ([]verifyif.Result, error)
Verify verifies a container artifact using sigstore. isSigned is true only if we were able to find a signature/attestation and it had everything needed to construct the sigstore bundle. isVerified is true only if we were able to verify the constructed bundle against the configured sigstore instance.
Types
type Attestation
type Attestation struct {
	Bundle json.RawMessage `json:"bundle"`
}
Attestation is the attestation from the GitHub attestation endpoint
type AttestationReply
type AttestationReply struct {
	Attestations []Attestation `json:"attestations"`
}
AttestationReply is the reply from the GitHub attestation endpoint
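One way a caller could combine a read limit such as MaxAttestationsBytesLimit with decoding into AttestationReply, as an added example that is not the package's own code. DecodeAttestationReply and ErrReplyTooLarge are hypothetical names, and mapping an empty reply or a null bundle to ErrProvenanceNotFoundOrIncomplete is an assumption drawn from that error's description.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"strings"
)

var ( // local copies of the declarations documented on this page
	ErrProvenanceNotFoundOrIncomplete       = errors.New("provenance not found or incomplete")
	MaxAttestationsBytesLimit         int64 = 10 * 1024 * 1024
	ErrReplyTooLarge                        = errors.New("attestation reply too large") // hypothetical, not in the package
)

type Attestation struct {
	Bundle json.RawMessage `json:"bundle"`
}
type AttestationReply struct {
	Attestations []Attestation `json:"attestations"`
}

// DecodeAttestationReply (hypothetical helper) rejects bodies over limit bytes instead of parsing a truncated one.
func DecodeAttestationReply(r io.Reader, limit int64) (*AttestationReply, error) {
	body, err := io.ReadAll(io.LimitReader(r, limit+1)) // one byte past the limit exposes an oversized body
	if err != nil {
		return nil, err
	}
	if int64(len(body)) > limit {
		return nil, ErrReplyTooLarge
	}
	var reply AttestationReply
	if err := json.Unmarshal(body, &reply); err != nil {
		return nil, err
	}
	if len(reply.Attestations) == 0 {
		return nil, ErrProvenanceNotFoundOrIncomplete
	}
	for _, a := range reply.Attestations { // an absent or null bundle cannot become a sigstore bundle
		if len(a.Bundle) == 0 || string(a.Bundle) == "null" {
			return nil, ErrProvenanceNotFoundOrIncomplete
		}
	}
	return &reply, nil
}

func main() { // constructed input with a null bundle: prints "<nil> provenance not found or incomplete"
	fmt.Println(DecodeAttestationReply(strings.NewReader(`{"attestations":[{"bundle":null}]}`), MaxAttestationsBytesLimit))
}
```

Reading `limit+1` bytes keeps memory bounded while still distinguishing a body of exactly `limit` bytes from an oversized one, so a truncated reply is never handed to the JSON decoder.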
type AuthMethod
type AuthMethod func(auth *containerAuth)
AuthMethod is an option for containerAuth
func WithAuthenticator
func WithAuthenticator(auth authn.Authenticator) AuthMethod
WithAuthenticator sets the authenticator as an authentication option we want to use during verification
func WithGitHubClient
func WithGitHubClient(ghClient provifv1.GitHub) AuthMethod
WithGitHubClient sets the GitHub client as an authentication option we want to use during verification
func WithRegistry
func WithRegistry(registry string) AuthMethod
WithRegistry sets the registry as an authentication option we want to use during verification