Add support for keyless verification via sigstore verifier

guacsec / guac

GUAC aggregates software security metadata into a high fidelity graph database.

https://guac.sh

Apache License 2.0

1.29k stars 176 forks source link

Add support for keyless verification via sigstore verifier #443

Open pxp928 opened 1 year ago

pxp928 commented 1 year ago

Determine the changes that need to be made to support keyless vertification via the sigstore verifier in guac

lumjjb commented 1 year ago

This featuer should be put on hold since there is currently development of sigstore library which may have implications on this. In addition, the TrustInformation interface is currently being revamped (https://github.com/guacsec/guac/issues/75)