-
**Description**
As identified in #274: this client should support the bundle format defined in [protobuf-specs](https://github.com/sigstore/protobuf-specshttps://github.com/sigstore/protobuf-specs)…
-
**Description**
Tracking bug for https://github.com/sigstore/sigstore-go/blob/main/pkg/verify/tlog.go#L174
This is not absolutely necessary because we do already compare against the [signatu…
-
I'd like to be able to use Sigstore keyless signing to generate the provenance file for my Helm charts.
Would it be possible to use [gitsign](https://github.com/sigstore/gitsign) from Helm with min…
-
I was sure this issue already existed but now I cannot find it...
tough client does not seem to support METAFILEs without hashes or length within timestamp and snapshot metadata.
The specificati…
-
sigstore-conformance provides a GitHub action that client projects can use. A similar setup might work for us: this would also mean we don't necessarily need to setup pypi releases etc...
This is n…
-
**Is your feature request related to a problem? Please describe.**
At present, the container images being published lack both [docker content trust](https://docs.docker.com/engine/security/trust/) an…
-
**Description**
Different parts of code use different libraries for JSON canonicalization.
**Examples:**
https://github.com/sigstore/sigstore-rs/blob/d5ba303182318495a081d1c4ad50d5c27be015cc/…
-
I've noticed that this project is using skopeo to copy images, that's very cool!
Would be great if this project supported validating and copying sigstore signatures as well.
Skopeo utilizes this c…
-
Rather than creating a new transparency log, we could evaluate whether [sigstore](https://www.sigstore.dev/) would be sufficient for our purposes.
twiss updated
5 months ago
-
Following #768
For folks using slsa-verifier as a library, it could be useful to export the mocks we already have for the TUF client `newMockSigstoreTUFClient`, and it's implementation for `GetTar…