Open ianlewis opened 1 year ago
The go-securesystemslib/cjson library is supported by the in-toto/TUF teams and while it doesn't look to have a large test suite or handle all edge cases, it would work well enough for our purposes as we only care about canonicalizing a DSSE envelope.
go-securesystemslib/cjson is also used by cosign and intoto
@lukehinds pointed this out in the OpenSSF slack.