verifier

package

v0.0.70 Latest Latest Go to latest Published: Oct 23, 2024 License: Apache-2.0 Imports: 5 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Package verifier provides a client for verifying various types of artifacts against various provenance mechanisms

View Source

const (
	// ArtifactSignatureSuffix is the suffix for the signature tag
	ArtifactSignatureSuffix = ".sig"
)

This section is empty.

func GetSignatureTag(tags []string) string

GetSignatureTag returns the signature tag for a given image, if exists, otherwise empty string

func NewVerifier(verifier Type, verifierURL string, containerAuth ...container.AuthMethod) (verifyif.ArtifactVerifier, error)

NewVerifier creates a new Verifier object

type Type string

Type represents the type of verifier, i.e., sigstore, slsa, etc.

const (
	// VerifierSigstore is the sigstore verifier
	VerifierSigstore Type = "sigstore"
)

Path	Synopsis
sigstore Package sigstore provides a client for verifying artifacts using sigstore	Package sigstore provides a client for verifying artifacts using sigstore
container Package container provides the tools to verify a container artifact using sigstore	Package container provides the tools to verify a container artifact using sigstore
verifyif Package verifyif provides the interface for artifact verifiers, including the Result type	Package verifyif provides the interface for artifact verifiers, including the Result type
mock Package mock_verifyif is a generated GoMock package.	Package mock_verifyif is a generated GoMock package.