Paket: golang-github-sigstore-sigstore-go-dev (0.7.1-2)
Links für golang-github-sigstore-sigstore-go-dev
Debian-Ressourcen:
Quellcode-Paket sigstore-go herunterladen:
Betreuer:
Externe Ressourcen:
- Homepage [github.com]
Ähnliche Pakete:
Sigstore signing and verification (Go library)
A client library for Sigstore (https://www.sigstore.dev/), written in Go. Features:
* Signing and verification of Sigstore bundles (https://github.com/sigstore/protobuf- specs/blob/main/protos/sigstore_bundle.proto) compliant with Sigstore Client Spec * Verification of raw Sigstore signatures by creating bundles for them (see conformance tests (/cmd/conformance/main.go) for example) * Signing and verifying with a Timestamp Authority (TSA) * Signing and verifying (offline or online) with Rekor (Artifact Transparency Log) * Structured verification results including certificate metadata * TUF support * Verification support for custom trusted root (https://github.com/sigstore/protobuf- specs/blob/main/protos/sigstore_trustroot.proto) * Basic CLI and examples
For an example of how to use this library, see the verification documentation (/docs/verification.md), the CLI cmd/sigstore-go (/cmd/sigstore-go/main.go). Note that the CLI is to demonstrate how to use the library, and not intended as a fully- featured Sigstore CLI like cosign (https://github.com/sigstore/cosign).
Background
Sigstore already has a canonical Go client implementation, cosign (https://github.com/sigstore/cosign), which was developed with a focus on container image signing/verification. It has a rich CLI and a long legacy of features and development. sigstore-go is a more minimal and friendly API for integrating Go code with Sigstore, with a focus on the newly specified data structures in sigstore/protobuf-specs (https://github.com/sigstore/protobuf-specs). sigstore-go attempts to minimize the dependency tree for simple signing and verification tasks, omitting KMS support and container image verification.
This package contains the Go library.
Andere Pakete mit Bezug zu golang-github-sigstore-sigstore-go-dev
|
|
|
|
-
- dep: golang-github-digitorus-pkcs7-dev
- Go PKCS#7/CMS library
-
- dep: golang-github-digitorus-timestamp-dev
- Time-Stamp Protocol (TSP/RFC3161) Go library
-
- dep: golang-github-go-openapi-runtime-dev
- OpenAPI runtime interfaces
-
- dep: golang-github-go-openapi-strfmt-dev
- OpenAPI string formatting library
-
- dep: golang-github-go-openapi-swag-dev
- goodie bag in use in the go-openapi projects
-
- dep: golang-github-google-certificate-transparency-dev
- Framework for monitoring and auditing SSL certificates
-
- dep: golang-github-in-toto-attestation-dev
- in-toto Attestation Framework (Go library)
-
- dep: golang-github-in-toto-in-toto-golang-dev
- software supply chain integrity framework in-toto for Go (library)
-
- dep: golang-github-secure-systems-lab-go-securesystemslib-dev
- Cryptographic routines for Golang Secure Systems Lab projects at NYU (library)
-
- dep: golang-github-sigstore-protobuf-specs-dev (>> 0.4.1~)
- Sigstore Protocol Buffer code (library)
-
- dep: golang-github-sigstore-rekor-dev (>> 1.3.6-2~)
- Software Supply Chain Transparency Log (library)
-
- dep: golang-github-sigstore-sigstore-dev (>> 1.8.10-2~)
- Common go library shared across sigstore services and clients (library)
-
- dep: golang-github-sigstore-timestamp-authority-dev
- Sigstore RFC3161 Timestamp Authority (Go library)
-
- dep: golang-github-stretchr-testify-dev
- sacred extension to the standard Go testing package
-
- dep: golang-github-theupdateframework-go-tuf-dev (>> 2.0.2~)
- Securing software in golang (library)
-
- dep: golang-golang-x-crypto-dev
- Supplementary Go cryptography libraries
-
- dep: golang-golang-x-mod-dev
- Go module mechanics libraries
-
- dep: golang-google-protobuf-dev
- Go support for protocol buffers (APIv2)
golang-github-sigstore-sigstore-go-dev herunterladen
| Architektur | Paketgröße | Größe (installiert) | Dateien |
|---|---|---|---|
| all | 104,4 kB | 607,0 kB | [Liste der Dateien] |