Take advantage of cosign's modular re-factoring

slsa-framework / slsa-verifier

Verify provenance from SLSA compliant builders

Apache License 2.0

226 stars 48 forks source link

Take advantage of cosign's modular re-factoring #684

Open laurentsimon opened 1 year ago

laurentsimon commented 1 year ago

https://github.com/sigstore/cosign/pull/3059 is splitting APIs based on providers. Once it's landed, we can use these to provide various slsa-verifier builds: on for all providers, one for Google, docker, etc

laurentsimon commented 1 year ago

There is also a new Go library donated by GitHub folks https://github.com/sigstore/sigstore-go!