Keyless Git signing using Sigstore
Full Changelog: https://github.com/sigstore/gitsign/compare/v0.9.0...v0.10.0
Not much! All dependency bumps. 😎
Full Changelog: https://github.com/sigstore/gitsign/compare/v0.8.0...v0.8.1
Rekor: https://search.sigstore.dev/?commitSha=01375268d822f8299a3d9c23f4fbd796c84bcaa5
gitsign.matchCommitter
option to verify certificate identity matches expected committer identity.gitsign verify
to verify commits with certificate verification options to match cosign (--certificate-identity
, --certificate-oidc-issuer
)Full Changelog: https://github.com/sigstore/gitsign/compare/v0.5.2...v0.6.0
gitsign show
attestations to comply with intoto spec. (i.e. gitsign.sigstore.dev/predicate/git/v0.1
-> https://gitsign.sigstore.dev/predicate/git/v0.1
)Full Changelog: https://github.com/sigstore/gitsign/compare/v0.4.0...v0.4.1