Concise Reference Integrity Manifest and Module Identifiers
The corim/v2/corim
and corim/v2/comid
packages provide a golang API for low-level manipulation of Concise Reference Integrity Manifest (CoRIM) and Concise Module Identifier (CoMID) tags respectively.
[!NOTE]
These API are still in active development (as is the underlying CoRIM spec).
They are subject to change going forward, and should not be considered
stable at this time.
The corim/v2/cocli
package uses the API above (as well as the API from veraison/swid
package) to provide a user friendly command line interface for working with CoRIM, CoMID, CoSWID and CoTS. Specifically it allows creating, signing, verifying, displaying, uploading, and more. See cocli/README.md
for further details.
Developer tips
Before requesting a PR (and routinely during the dev/test cycle), you are encouraged to run:
make presubmit
and check its output to make sure your code coverage figures are in line with the set target and that there are no newly introduced lint problems.