Documentation ¶
Index ¶
- Constants
- Variables
- func Attest() *ffcli.Command
- func AttestCmd(ctx context.Context, ko KeyOpts, imageRef string, certPath string, upload bool, ...) error
- func Clean() *ffcli.Command
- func CleanCmd(ctx context.Context, imageRef string) error
- func Copy() *ffcli.Command
- func CopyCmd(ctx context.Context, srcImg, dstImg string, sigOnly, force bool) error
- func DefaultRegistryClientOpts(ctx context.Context) []remote.Option
- func Digest(ctx context.Context, ref name.Reference) (v1.Hash, error)
- func EnableExperimental() bool
- func Generate() *ffcli.Command
- func GenerateCmd(_ context.Context, imageRef string, annotations map[string]interface{}, ...) error
- func GenerateKeyPair() *ffcli.Command
- func GenerateKeyPairCmd(ctx context.Context, kmsVal string, args []string) error
- func GetPass(confirm bool) ([]byte, error)
- func GetPublicKey(ctx context.Context, opts Pkopts, writer NamedWriter, pf cosign.PassFunc) error
- func Init() *ffcli.Command
- func LoadECDSAPrivateKey(key []byte, pass []byte) (*signature.ECDSASignerVerifier, error)
- func LoadPublicKey(ctx context.Context, keyRef string) (verifier signature.Verifier, err error)
- func MungeCmd(ctx context.Context, imageRef string) error
- func PrintVerification(imgRef string, verified []cosign.SignedPayload, co *cosign.CheckOpts, ...)
- func PublicKey() *ffcli.Command
- func Sign() *ffcli.Command
- func SignBlob() *ffcli.Command
- func SignBlobCmd(ctx context.Context, ko KeyOpts, payloadPath string, b64 bool, output string) ([]byte, error)
- func SignCmd(ctx context.Context, ko KeyOpts, annotations map[string]interface{}, ...) error
- func TargetRepositoryForImage(img name.Reference) (name.Repository, error)
- func Triangulate() *ffcli.Command
- func Verify() *ffcli.Command
- func VerifyAttestation() *ffcli.Command
- func VerifyBlob() *ffcli.Command
- func VerifyBlobCmd(ctx context.Context, ko KeyOpts, certRef, sigRef, blobRef string) error
- func VerifyDockerfile() *ffcli.Command
- func VerifyManifest() *ffcli.Command
- func Version() *ffcli.Command
- type Info
- type KeyOpts
- type KeyParseError
- type NamedWriter
- type Pkopts
- type VerifyAttestationCommand
- type VerifyCommand
- type VerifyDockerfileCommand
- type VerifyManifestCommand
Constants ¶
const ( IntotoPayloadType = "application/vnd.in-toto+json" DssePayloadType = "application/vnd.dsse.envelope.v1+json" )
const (
ExperimentalEnv = "COSIGN_EXPERIMENTAL"
)
Variables ¶
var ( // Output of "git describe". The prerequisite is that the branch should be // tagged using the correct versioning strategy. GitVersion = "devel" )
Base version information.
This is the fallback data used when version information from git is not provided via go ldflags (e.g. via Makefile).
var (
// Read is for fuzzing
Read = readPasswordFn
)
Functions ¶
func DefaultRegistryClientOpts ¶ added in v1.0.0
func Digest ¶ added in v1.0.0
Digest returns the digest of the image at the reference.
If the reference is by digest already, it simply extracts the digest. Otherwise, it looks up the digest from the registry.
func EnableExperimental ¶ added in v0.5.0
func EnableExperimental() bool
func GenerateCmd ¶
func GenerateKeyPair ¶
func GenerateKeyPairCmd ¶
func GetPublicKey ¶ added in v0.2.0
func LoadECDSAPrivateKey ¶ added in v1.0.1
func LoadECDSAPrivateKey(key []byte, pass []byte) (*signature.ECDSASignerVerifier, error)
func LoadPublicKey ¶ added in v1.0.0
func PrintVerification ¶ added in v0.5.0
func PrintVerification(imgRef string, verified []cosign.SignedPayload, co *cosign.CheckOpts, output string)
PrintVerification logs details about the verification to stdout
func SignBlobCmd ¶
func TargetRepositoryForImage ¶ added in v0.6.0
func TargetRepositoryForImage(img name.Reference) (name.Repository, error)
func Triangulate ¶
func VerifyAttestation ¶ added in v1.0.0
Verify builds and returns an ffcli command
func VerifyBlob ¶
func VerifyBlobCmd ¶
func VerifyDockerfile ¶ added in v0.6.0
Verify builds and returns an ffcli command
func VerifyManifest ¶ added in v1.1.0
Verify builds and returns an ffcli command
Types ¶
type Info ¶ added in v0.3.0
type Info struct { GitVersion string GitCommit string GitTreeState string BuildDate string GoVersion string Compiler string Platform string }
func VersionInfo ¶
func VersionInfo() Info
func (*Info) JSONString ¶ added in v0.3.0
JSONString returns the JSON representation of the version info
type KeyParseError ¶
type KeyParseError struct{}
KeyParseError is an error returned when an incorrect set of key flags are parsed by the CLI
func (*KeyParseError) Error ¶
func (e *KeyParseError) Error() string
type NamedWriter ¶ added in v0.3.0
type VerifyAttestationCommand ¶ added in v1.0.0
type VerifyAttestationCommand struct { CheckClaims bool KeyRef string Sk bool Slot string Output string FulcioURL string RekorURL string }
VerifyAttestationCommand verifies a signature on a supplied container image
type VerifyCommand ¶ added in v0.2.0
type VerifyCommand struct { CheckClaims bool KeyRef string Sk bool Slot string Output string RekorURL string Annotations *map[string]interface{} }
VerifyCommand verifies a signature on a supplied container image
type VerifyDockerfileCommand ¶ added in v0.6.0
type VerifyDockerfileCommand struct { VerifyCommand BaseOnly bool }
VerifyCommand verifies a signature on a supplied container image
type VerifyManifestCommand ¶ added in v1.1.0
type VerifyManifestCommand struct {
VerifyCommand
}
VerifyCommand verifies all image signatures on a supplied k8s resource