Documentation
¶
Index ¶
- Constants
- Variables
- func EnableExperimental() bool
- func NOf(args ...interface{}) int
- func OneOf(args ...interface{}) bool
- func ParsePredicateType(t string) (string, error)
- func UserAgent() string
- type AnnotationOptions
- type AttachAttestationOptions
- type AttachSBOMOptions
- type AttachSignatureOptions
- type AttestOptions
- type CertVerifyOptions
- type CleanOptions
- type CopyOptions
- type FilesOptions
- type FulcioOptions
- type GenerateKeyPairOptions
- type GenerateOptions
- type ImportKeyPairOptions
- type InitializeOptions
- type Interface
- type KeyParseError
- type Keychain
- type LoadOptions
- type OIDCOptions
- type PIVToolAttestationOptions
- type PIVToolGenerateKeyOptions
- type PIVToolSetManagementKeyOptions
- type PIVToolSetPINOptions
- type PIVToolSetPUKOptions
- type PIVToolUnblockOptions
- type PKCS11ToolListKeysUrisOptions
- type PKCS11ToolListTokensOptions
- type PolicyInitOptions
- type PolicySignOptions
- type PredicateLocalOptions
- type PredicateOptions
- type PredicateRemoteOptions
- type PubKeyParseError
- type PublicKeyOptions
- type ReferenceOptions
- type RegistryOptions
- type RekorOptions
- type RootOptions
- type SaveOptions
- type SecurityKeyOptions
- type SignBlobOptions
- type SignOptions
- type SignatureDigestOptions
- type TreeOptions
- type TriangulateOptions
- type UploadBlobOptions
- type UploadWASMOptions
- type VerifyAttestationOptions
- type VerifyBlobOptions
- type VerifyDockerfileOptions
- type VerifyOptions
Constants ¶
const ( PredicateCustom = "custom" PredicateSLSA = "slsaprovenance" PredicateSPDX = "spdx" PredicateLink = "link" PredicateVuln = "vuln" )
// DefaultFulcioURL is the default Fulcio endpoint, a host under sigstore.dev.
// NOTE(review): where this default is applied is not shown here; a deployment
// that runs its own Fulcio instance should confirm that it overrides this
// value, since otherwise certificate requests would target this host.
const DefaultFulcioURL = "https://fulcio.sigstore.dev"
// DefaultOIDCIssuerURL is the default OIDC issuer, also a host under sigstore.dev.
const DefaultOIDCIssuerURL = "https://oauth2.sigstore.dev/auth"
// DefaultRekorURL is the default Rekor endpoint, also a host under sigstore.dev.
// NOTE(review): presumably entries written through this default land on that
// host rather than a private log; confirm before signing internal artifacts.
const DefaultRekorURL = "https://rekor.sigstore.dev"
const DefaultTimeout = 3 * time.Minute
DefaultTimeout specifies the default timeout for commands.
const (
ExperimentalEnv = "COSIGN_EXPERIMENTAL"
)
Variables ¶
var PredicateTypeMap = map[string]string{ PredicateCustom: attestation.CosignCustomProvenanceV01, PredicateSLSA: slsa.PredicateSLSAProvenance, PredicateSPDX: in_toto.PredicateSPDX, PredicateLink: in_toto.PredicateLinkV1, PredicateVuln: attestation.CosignVulnProvenanceV01, }
PredicateTypeMap is the mapping from the predicate `type` option to the predicate URI.
Functions ¶
func EnableExperimental ¶
func EnableExperimental() bool
func OneOf ¶
func OneOf(args ...interface{}) bool
OneOf ensures that only one of the supplied interfaces is set to a non-zero value.
func ParsePredicateType ¶
ParsePredicateType maps the value passed to the predicate `type` flag to a predicate URI, or validates that the value is itself a valid URI.
Types ¶
type AnnotationOptions ¶
type AnnotationOptions struct {
Annotations []string
}
AnnotationOptions is the top level wrapper for the annotations.
func (*AnnotationOptions) AddFlags ¶
func (o *AnnotationOptions) AddFlags(cmd *cobra.Command)
AddFlags implements Interface
func (*AnnotationOptions) AnnotationsMap ¶
func (o *AnnotationOptions) AnnotationsMap() (sigs.AnnotationsMap, error)
type AttachAttestationOptions ¶ added in v1.5.0
type AttachAttestationOptions struct {
Attestation string
Registry RegistryOptions
}
AttachAttestationOptions is the top level wrapper for the attach attestation command.
func (*AttachAttestationOptions) AddFlags ¶ added in v1.5.0
func (o *AttachAttestationOptions) AddFlags(cmd *cobra.Command)
AddFlags implements Interface
type AttachSBOMOptions ¶
type AttachSBOMOptions struct {
SBOM string
SBOMType string
SBOMInputFormat string
Registry RegistryOptions
}
AttachSBOMOptions is the top level wrapper for the attach sbom command.
func (*AttachSBOMOptions) AddFlags ¶
func (o *AttachSBOMOptions) AddFlags(cmd *cobra.Command)
AddFlags implements Interface
type AttachSignatureOptions ¶
type AttachSignatureOptions struct {
Signature string
Payload string
Registry RegistryOptions
}
AttachSignatureOptions is the top level wrapper for the attach signature command.
func (*AttachSignatureOptions) AddFlags ¶
func (o *AttachSignatureOptions) AddFlags(cmd *cobra.Command)
AddFlags implements Interface
type AttestOptions ¶
type AttestOptions struct {
Key string
Cert string
CertChain string
NoUpload bool
Force bool
Recursive bool
Replace bool
Rekor RekorOptions
Fulcio FulcioOptions
OIDC OIDCOptions
SecurityKey SecurityKeyOptions
Predicate PredicateLocalOptions
Registry RegistryOptions
}
AttestOptions is the top level wrapper for the attest command.
func (*AttestOptions) AddFlags ¶
func (o *AttestOptions) AddFlags(cmd *cobra.Command)
AddFlags implements Interface
type CertVerifyOptions ¶ added in v1.5.0
// CertVerifyOptions groups the certificate-related inputs for verification.
// The exact flag bindings live in AddFlags, which is not shown here.
//
// NOTE(review): this declaration does not show what happens when CertEmail
// and CertOidcIssuer are left empty. Callers that verify certificate-based
// signatures should confirm which identities are accepted in that case and
// pin both values where the verifier supports it.
type CertVerifyOptions struct {
// Cert presumably references the certificate to verify against; confirm in AddFlags.
Cert string
// CertEmail presumably is the email identity expected in the signing certificate; confirm.
CertEmail string
// CertOidcIssuer presumably is the OIDC issuer expected in the signing certificate; confirm.
CertOidcIssuer string
// CertChain presumably references the CA chain used to validate Cert; confirm.
CertChain string
}
CertVerifyOptions is the wrapper for certificate verification.
func (*CertVerifyOptions) AddFlags ¶ added in v1.5.0
func (o *CertVerifyOptions) AddFlags(cmd *cobra.Command)
AddFlags implements Interface
type CleanOptions ¶ added in v1.6.0
type CleanOptions struct {
Registry RegistryOptions
CleanType string
Force bool
}
func (*CleanOptions) AddFlags ¶ added in v1.6.0
func (c *CleanOptions) AddFlags(cmd *cobra.Command)
type CopyOptions ¶
type CopyOptions struct {
SignatureOnly bool
Force bool
Registry RegistryOptions
}
CopyOptions is the top level wrapper for the copy command.
func (*CopyOptions) AddFlags ¶
func (o *CopyOptions) AddFlags(cmd *cobra.Command)
AddFlags implements Interface
type FilesOptions ¶
type FilesOptions struct {
Files []string
}
FilesOptions is the wrapper for the files.
func (*FilesOptions) AddFlags ¶
func (o *FilesOptions) AddFlags(cmd *cobra.Command)
AddFlags implements Interface
func (*FilesOptions) String ¶
func (o *FilesOptions) String() string
type FulcioOptions ¶
FulcioOptions is the wrapper for Fulcio related options.
func (*FulcioOptions) AddFlags ¶
func (o *FulcioOptions) AddFlags(cmd *cobra.Command)
AddFlags implements Interface
type GenerateKeyPairOptions ¶
type GenerateKeyPairOptions struct {
// KMS Key Management Service
KMS string
}
GenerateKeyPairOptions is the top level wrapper for the generate-key-pair command.
func (*GenerateKeyPairOptions) AddFlags ¶
func (o *GenerateKeyPairOptions) AddFlags(cmd *cobra.Command)
AddFlags implements Interface
type GenerateOptions ¶
type GenerateOptions struct {
AnnotationOptions
Registry RegistryOptions
}
GenerateOptions is the top level wrapper for the generate command.
func (*GenerateOptions) AddFlags ¶
func (o *GenerateOptions) AddFlags(cmd *cobra.Command)
AddFlags implements Interface
type ImportKeyPairOptions ¶ added in v1.5.0
type ImportKeyPairOptions struct {
// Local key file generated by external program such as OpenSSL
Key string
}
ImportKeyPairOptions is the top level wrapper for the import-key-pair command.
func (*ImportKeyPairOptions) AddFlags ¶ added in v1.5.0
func (o *ImportKeyPairOptions) AddFlags(cmd *cobra.Command)
AddFlags implements Interface
type InitializeOptions ¶
InitializeOptions is the top level wrapper for the initialize command.
func (*InitializeOptions) AddFlags ¶
func (o *InitializeOptions) AddFlags(cmd *cobra.Command)
AddFlags implements Interface
type KeyParseError ¶
type KeyParseError struct{}
KeyParseError is an error returned when an incorrect set of key flags is parsed by the CLI.
func (*KeyParseError) Error ¶
func (e *KeyParseError) Error() string
type Keychain ¶ added in v1.7.0
Keychain is an alias of authn.Keychain to expose this configuration option to consumers of this lib
type LoadOptions ¶ added in v1.4.0
type LoadOptions struct {
Directory string
}
LoadOptions is the top level wrapper for the load command.
func (*LoadOptions) AddFlags ¶ added in v1.4.0
func (o *LoadOptions) AddFlags(cmd *cobra.Command)
AddFlags implements Interface
type OIDCOptions ¶
// OIDCOptions holds the OIDC settings: issuer, client ID and redirect URL.
// The struct also has unexported fields. The client secret is not an exported
// field; it is obtained through the ClientSecret method, which can fail.
// NOTE(review): how the secret is sourced (file, flag, environment) is not
// visible here; confirm it is not passed as a plain command-line value.
type OIDCOptions struct {
// Issuer is the OIDC issuer; presumably a URL (compare DefaultOIDCIssuerURL), confirm.
Issuer string
// ClientID is the OIDC client identifier.
ClientID string
// RedirectURL is the OIDC redirect URL.
RedirectURL string
// contains filtered or unexported fields
}
OIDCOptions is the wrapper for OIDC related options.
func (*OIDCOptions) AddFlags ¶
func (o *OIDCOptions) AddFlags(cmd *cobra.Command)
AddFlags implements Interface
func (*OIDCOptions) ClientSecret ¶
func (o *OIDCOptions) ClientSecret() (string, error)
type PIVToolAttestationOptions ¶
PIVToolAttestationOptions is the wrapper for `piv-tool attestation` related options.
func (*PIVToolAttestationOptions) AddFlags ¶
func (o *PIVToolAttestationOptions) AddFlags(cmd *cobra.Command)
AddFlags implements Interface
type PIVToolGenerateKeyOptions ¶
// PIVToolGenerateKeyOptions holds the inputs for `piv-tool generate-key`.
//
// NOTE(review): ManagementKey is a plain string option. If AddFlags binds it
// to a command-line flag, the value can end up in shell history and process
// listings; confirm how it is supplied and prefer RandomKey or a prompt where
// the tool offers one.
type PIVToolGenerateKeyOptions struct {
// ManagementKey presumably is the PIV management key to use or set; confirm in AddFlags.
ManagementKey string
// RandomKey presumably requests a randomly generated management key; confirm.
RandomKey bool
// Slot presumably names the PIV slot that receives the generated key; confirm.
Slot string
// PINPolicy presumably selects when the PIN is required for key use; confirm accepted values.
PINPolicy string
// TouchPolicy presumably selects when a physical touch is required; confirm accepted values.
TouchPolicy string
}
PIVToolGenerateKeyOptions is the wrapper for `piv-tool generate-key` related options.
func (*PIVToolGenerateKeyOptions) AddFlags ¶
func (o *PIVToolGenerateKeyOptions) AddFlags(cmd *cobra.Command)
AddFlags implements Interface
type PIVToolSetManagementKeyOptions ¶
PIVToolSetManagementKeyOptions is the wrapper for `piv-tool set-management-key` related options.
func (*PIVToolSetManagementKeyOptions) AddFlags ¶
func (o *PIVToolSetManagementKeyOptions) AddFlags(cmd *cobra.Command)
AddFlags implements Interface
type PIVToolSetPINOptions ¶
PIVToolSetPINOptions is the wrapper for `piv-tool set-pin` related options.
func (*PIVToolSetPINOptions) AddFlags ¶
func (o *PIVToolSetPINOptions) AddFlags(cmd *cobra.Command)
AddFlags implements Interface
type PIVToolSetPUKOptions ¶
PIVToolSetPUKOptions is the wrapper for `piv-tool set-puk` related options.
func (*PIVToolSetPUKOptions) AddFlags ¶
func (o *PIVToolSetPUKOptions) AddFlags(cmd *cobra.Command)
AddFlags implements Interface
type PIVToolUnblockOptions ¶
PIVToolUnblockOptions is the wrapper for `piv-tool unblock` related options.
func (*PIVToolUnblockOptions) AddFlags ¶
func (o *PIVToolUnblockOptions) AddFlags(cmd *cobra.Command)
AddFlags implements Interface
type PKCS11ToolListKeysUrisOptions ¶ added in v1.3.1
PKCS11ToolListKeysUrisOptions is the wrapper for `pkcs11-tool list-keys-uris` related options.
func (*PKCS11ToolListKeysUrisOptions) AddFlags ¶ added in v1.3.1
func (o *PKCS11ToolListKeysUrisOptions) AddFlags(cmd *cobra.Command)
AddFlags implements Interface
type PKCS11ToolListTokensOptions ¶ added in v1.3.1
type PKCS11ToolListTokensOptions struct {
ModulePath string
}
PKCS11ToolListTokensOptions is the wrapper for `pkcs11-tool list-tokens` related options.
func (*PKCS11ToolListTokensOptions) AddFlags ¶ added in v1.3.1
func (o *PKCS11ToolListTokensOptions) AddFlags(cmd *cobra.Command)
AddFlags implements Interface
type PolicyInitOptions ¶
type PolicyInitOptions struct {
ImageRef string
Maintainers []string
Issuer string
Threshold int
Expires int
OutFile string
Registry RegistryOptions
}
PolicyInitOptions is the top level wrapper for the policy-init command.
func (*PolicyInitOptions) AddFlags ¶
func (o *PolicyInitOptions) AddFlags(cmd *cobra.Command)
AddFlags implements Interface
type PolicySignOptions ¶
type PolicySignOptions struct {
ImageRef string
OutFile string
Registry RegistryOptions
Fulcio FulcioOptions
Rekor RekorOptions
OIDC OIDCOptions
}
func (*PolicySignOptions) AddFlags ¶
func (o *PolicySignOptions) AddFlags(cmd *cobra.Command)
AddFlags implements Interface
type PredicateLocalOptions ¶
type PredicateLocalOptions struct {
PredicateOptions
Path string
}
PredicateLocalOptions is the wrapper for predicate related options.
func (*PredicateLocalOptions) AddFlags ¶
func (o *PredicateLocalOptions) AddFlags(cmd *cobra.Command)
AddFlags implements Interface
type PredicateOptions ¶
type PredicateOptions struct {
Type string
}
PredicateOptions is the wrapper for predicate related options.
func (*PredicateOptions) AddFlags ¶
func (o *PredicateOptions) AddFlags(cmd *cobra.Command)
AddFlags implements Interface
type PredicateRemoteOptions ¶
type PredicateRemoteOptions struct {
PredicateOptions
}
PredicateRemoteOptions is the wrapper for remote predicate related options.
func (*PredicateRemoteOptions) AddFlags ¶
func (o *PredicateRemoteOptions) AddFlags(cmd *cobra.Command)
AddFlags implements Interface
type PubKeyParseError ¶
type PubKeyParseError struct{}
PubKeyParseError is an error returned when an incorrect set of public key flags is parsed by the CLI.
func (*PubKeyParseError) Error ¶
func (e *PubKeyParseError) Error() string
type PublicKeyOptions ¶
type PublicKeyOptions struct {
Key string
SecurityKey SecurityKeyOptions
OutFile string
}
PublicKeyOptions is the top level wrapper for the public-key command.
func (*PublicKeyOptions) AddFlags ¶
func (o *PublicKeyOptions) AddFlags(cmd *cobra.Command)
AddFlags implements Interface
type ReferenceOptions ¶
type ReferenceOptions struct {
TagPrefix string
}
ReferenceOptions is a wrapper for image reference options.
func (*ReferenceOptions) AddFlags ¶
func (o *ReferenceOptions) AddFlags(cmd *cobra.Command)
AddFlags implements Interface
type RegistryOptions ¶
// RegistryOptions groups the settings used when talking to a registry. It is
// embedded as the Registry field in most command option structs in this
// package, so a value set here applies to every command that uses it.
type RegistryOptions struct {
// AllowInsecure: NOTE(review): the name indicates that transport-security
// checks for registry connections are relaxed when this is true. The exact
// effect is decided in ClientOpts / GetRegistryClientOpts, not shown here;
// confirm it there and keep this unset outside test environments, because
// signatures fetched over an unauthenticated channel can be swapped in transit.
AllowInsecure bool
// KubernetesKeychain presumably selects a Kubernetes-based credential source; confirm.
KubernetesKeychain bool
// RefOpts carries the image reference options (TagPrefix).
RefOpts ReferenceOptions
// Keychain lets library consumers supply their own authn.Keychain for
// registry credentials (Keychain is an alias of authn.Keychain).
Keychain Keychain
}
RegistryOptions is the wrapper for the registry options.
func (*RegistryOptions) AddFlags ¶
func (o *RegistryOptions) AddFlags(cmd *cobra.Command)
AddFlags implements Interface
func (*RegistryOptions) ClientOpts ¶
func (*RegistryOptions) GetRegistryClientOpts ¶
func (o *RegistryOptions) GetRegistryClientOpts(ctx context.Context) []remote.Option
type RekorOptions ¶
type RekorOptions struct {
URL string
}
RekorOptions is the wrapper for Rekor related options.
func (*RekorOptions) AddFlags ¶
func (o *RekorOptions) AddFlags(cmd *cobra.Command)
AddFlags implements Interface
type RootOptions ¶
RootOptions define flags and options for the root cosign cli.
func (*RootOptions) AddFlags ¶
func (o *RootOptions) AddFlags(cmd *cobra.Command)
AddFlags implements Interface
type SaveOptions ¶ added in v1.4.0
type SaveOptions struct {
Directory string
}
SaveOptions is the top level wrapper for the save command.
func (*SaveOptions) AddFlags ¶ added in v1.4.0
func (o *SaveOptions) AddFlags(cmd *cobra.Command)
AddFlags implements Interface
type SecurityKeyOptions ¶
SecurityKeyOptions is the wrapper for security key related options.
func (*SecurityKeyOptions) AddFlags ¶
func (o *SecurityKeyOptions) AddFlags(cmd *cobra.Command)
AddFlags implements Interface
type SignBlobOptions ¶
type SignBlobOptions struct {
Key string
Base64Output bool
Output string // deprecated: TODO remove when the output flag is fully deprecated
OutputSignature string // TODO: this should be the root output file arg.
OutputCertificate string
SecurityKey SecurityKeyOptions
Fulcio FulcioOptions
Rekor RekorOptions
OIDC OIDCOptions
Registry RegistryOptions
BundlePath string
}
SignBlobOptions is the top level wrapper for the sign-blob command. The new output-certificate flag is only in use when COSIGN_EXPERIMENTAL is enabled
func (*SignBlobOptions) AddFlags ¶
func (o *SignBlobOptions) AddFlags(cmd *cobra.Command)
AddFlags implements Interface
type SignOptions ¶
type SignOptions struct {
Key string
Cert string
CertChain string
Upload bool
Output string // deprecated: TODO remove when the output flag is fully deprecated
OutputSignature string // TODO: this should be the root output file arg.
OutputCertificate string
PayloadPath string
Force bool
Recursive bool
Attachment string
Rekor RekorOptions
Fulcio FulcioOptions
OIDC OIDCOptions
SecurityKey SecurityKeyOptions
AnnotationOptions
Registry RegistryOptions
}
SignOptions is the top level wrapper for the sign command.
func (*SignOptions) AddFlags ¶
func (o *SignOptions) AddFlags(cmd *cobra.Command)
AddFlags implements Interface
type SignatureDigestOptions ¶ added in v1.4.0
type SignatureDigestOptions struct {
AlgorithmName string
}
SignatureDigestOptions holds options for specifying which digest algorithm should be used when processing a signature.
func (*SignatureDigestOptions) AddFlags ¶ added in v1.4.0
func (o *SignatureDigestOptions) AddFlags(cmd *cobra.Command)
AddFlags implements Interface
func (*SignatureDigestOptions) HashAlgorithm ¶ added in v1.4.0
func (o *SignatureDigestOptions) HashAlgorithm() (crypto.Hash, error)
HashAlgorithm converts the algorithm's name - provided as a string - into a crypto.Hash algorithm. If the name doesn't match a supported algorithm, it returns an error and the returned hash defaults to SHA256, so callers must check the error before using the returned hash.
type TreeOptions ¶ added in v1.7.0
type TreeOptions struct {
Registry RegistryOptions
CleanType string
}
func (*TreeOptions) AddFlags ¶ added in v1.7.0
func (c *TreeOptions) AddFlags(cmd *cobra.Command)
type TriangulateOptions ¶
type TriangulateOptions struct {
Type string
Registry RegistryOptions
}
TriangulateOptions is the top level wrapper for the triangulate command.
func (*TriangulateOptions) AddFlags ¶
func (o *TriangulateOptions) AddFlags(cmd *cobra.Command)
AddFlags implements Interface
type UploadBlobOptions ¶
type UploadBlobOptions struct {
ContentType string
Files FilesOptions
Registry RegistryOptions
}
UploadBlobOptions is the top level wrapper for the `upload blob` command.
func (*UploadBlobOptions) AddFlags ¶
func (o *UploadBlobOptions) AddFlags(cmd *cobra.Command)
AddFlags implements Interface
type UploadWASMOptions ¶
type UploadWASMOptions struct {
File string
Registry RegistryOptions
}
UploadWASMOptions is the top level wrapper for the `upload wasm` command.
func (*UploadWASMOptions) AddFlags ¶
func (o *UploadWASMOptions) AddFlags(cmd *cobra.Command)
AddFlags implements Interface
type VerifyAttestationOptions ¶
type VerifyAttestationOptions struct {
Key string
CheckClaims bool
Output string
SecurityKey SecurityKeyOptions
Rekor RekorOptions
CertVerify CertVerifyOptions
Registry RegistryOptions
Predicate PredicateRemoteOptions
Policies []string
LocalImage bool
}
VerifyAttestationOptions is the top level wrapper for the `verify attestation` command.
func (*VerifyAttestationOptions) AddFlags ¶
func (o *VerifyAttestationOptions) AddFlags(cmd *cobra.Command)
AddFlags implements Interface
type VerifyBlobOptions ¶
type VerifyBlobOptions struct {
Key string
Signature string
BundlePath string
SecurityKey SecurityKeyOptions
CertVerify CertVerifyOptions
Rekor RekorOptions
Registry RegistryOptions
}
VerifyBlobOptions is the top level wrapper for the `verify blob` command.
func (*VerifyBlobOptions) AddFlags ¶
func (o *VerifyBlobOptions) AddFlags(cmd *cobra.Command)
AddFlags implements Interface
type VerifyDockerfileOptions ¶
type VerifyDockerfileOptions struct {
VerifyOptions
BaseImageOnly bool
}
VerifyDockerfileOptions is the top level wrapper for the `dockerfile verify` command.
func (*VerifyDockerfileOptions) AddFlags ¶
func (o *VerifyDockerfileOptions) AddFlags(cmd *cobra.Command)
AddFlags implements Interface
type VerifyOptions ¶
// VerifyOptions collects every input of the `verify` command: the
// verification material (Key, SecurityKey, CertVerify), the transparency-log
// and registry settings, and output and annotation options.
//
// NOTE(review): Key, SecurityKey and CertVerify look like alternative sources
// of verification material. KeyParseError and OneOf in this package suggest
// they are validated as a set; confirm where that check runs, since a command
// that accepts none of them has nothing to pin trust to.
type VerifyOptions struct {
// Key presumably references the public key to verify with; confirm accepted forms in AddFlags.
Key string
// CheckClaims: NOTE(review): presumably toggles checking of the claims in
// the signed payload; confirm the default, since disabling it would weaken
// the binding between signature and image.
CheckClaims bool
// Attachment presumably names a related artifact type to verify instead of the image; confirm.
Attachment string
// Output presumably selects the output format; confirm.
Output string
// SignatureRef presumably points at a signature supplied out of band; confirm.
SignatureRef string
// LocalImage presumably marks the image reference as a local path rather than a registry reference; confirm.
LocalImage bool
// SecurityKey holds the hardware security key options.
SecurityKey SecurityKeyOptions
// CertVerify holds the certificate verification options.
CertVerify CertVerifyOptions
// Rekor holds the Rekor options (URL).
Rekor RekorOptions
// Registry holds the registry options, including AllowInsecure.
Registry RegistryOptions
// SignatureDigest selects the digest algorithm used when processing a signature.
SignatureDigest SignatureDigestOptions
// AnnotationOptions is embedded, so its Annotations field and methods are promoted.
AnnotationOptions
}
VerifyOptions is the top level wrapper for the `verify` command.
func (*VerifyOptions) AddFlags ¶
func (o *VerifyOptions) AddFlags(cmd *cobra.Command)
AddFlags implements Interface
Source Files
¶
- annotations.go
- attach.go
- attest.go
- certificate.go
- clean.go
- copy.go
- errors.go
- experimental.go
- files.go
- flags.go
- fulcio.go
- generate.go
- generate_key_pair.go
- import_key_pair.go
- initialize.go
- load.go
- oidc.go
- options.go
- piv_tool.go
- pkcs11_tool.go
- policy.go
- predicate.go
- public_key.go
- reference.go
- registry.go
- rekor.go
- root.go
- save.go
- security_key.go
- sign.go
- signature_digest.go
- signblob.go
- tree.go
- triangulate.go
- upload.go
- useragent.go
- verify.go