Common go library shared across sigstore services and clients
sigstore framework
sigstore/sigstore contains common Sigstore code: that is, code shared by infrastructure (e.g., Fulcio and Rekor) and Go language clients (e.g., Cosign and Gitsign).
This library currently provides:
The following KMS systems are available:
For example code, look at the relevant test code for each main code file.
Fuzzing
The fuzzing tests are within https://github.com/sigstore/sigstore/tree/main/test/fuzz
Security
Should you discover any security issues, please refer to sigstores security process
For container signing, you want cosign
Twice a month we will interview people behind open source businesses. We will talk about how they are building a business on top of open source projects.
We'll never share your email with anyone else.