Sigstore Save

Common go library shared across sigstore services and clients

Project README

sigstore framework

sigstore/sigstore contains common Sigstore code: that is, code shared by infrastructure (e.g., Fulcio and Rekor) and Go language clients (e.g., Cosign and Gitsign).

This library currently provides:

A signing interface (support for ecdsa, ed25519, rsa, DSSE (in-toto))
OpenID Connect fulcio client code

The following KMS systems are available:

AWS Key Management Service
Azure Key Vault
HashiCorp Vault
Google Cloud Platform Key Management Service

For example code, look at the relevant test code for each main code file.

Fuzzing

The fuzzing tests are within https://github.com/sigstore/sigstore/tree/main/test/fuzz

Security

Should you discover any security issues, please refer to sigstores security process

For container signing, you want cosign

Open Source Agenda is not affiliated with "Sigstore" Project. README Source: sigstore/sigstore

Stars

431

Open Issues

Last Commit

3 days ago

Repository

sigstore/sigstore

License

Apache-2.0

Homepage

https://sigstore.dev

Open Source Agenda Badge

<a href="https://www.opensourceagenda.com/projects/sigstore"><img src="https://www.opensourceagenda.com/projects/sigstore/reviews/badge.svg" alt="Open Source Agenda"></a>

Submit Review Review Your Favorite Project

Submit Resource Articles, Courses, Videos

Submit Article Submit a post to our blog

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?

From the blog

Dec 11, 2022