Documentation
Overview
Package container provides the tools to verify a container artifact using sigstore.
Constants
This section is empty.
Variables
var (
	// ErrProvenanceNotFoundOrIncomplete is returned when there's no provenance info (missing .sig or attestation) or
	// has incomplete data
	ErrProvenanceNotFoundOrIncomplete = errors.New("provenance not found or incomplete")
)
Functions
func BuildImageRef
BuildImageRef returns the OCI image reference.
func Verify
func Verify(
	ctx context.Context,
	sev *verify.SignedEntityVerifier,
	registry, owner, artifact, version string,
	authOpts ...AuthMethod,
) ([]verifyif.Result, error)
Verify verifies a container artifact using sigstore. isSigned is true only if we were able to find a signature/attestation and it had everything needed to construct the sigstore bundle. isVerified is true only if we were able to verify the constructed bundle against the configured sigstore instance.
Types
type Attestation (added in v0.0.27)
type Attestation struct {
	Bundle json.RawMessage `json:"bundle"`
}
Attestation is the attestation from the GitHub attestation endpoint.
type AttestationReply (added in v0.0.27)
type AttestationReply struct {
	Attestations []Attestation `json:"attestations"`
}
AttestationReply is the reply from the GitHub attestation endpoint.
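An added example, not code from this package: it decodes a reply shaped like AttestationReply and fails closed with ErrProvenanceNotFoundOrIncomplete when no usable bundle is present, so a caller can tell "no provenance" apart from a malformed response. The helper extractBundles, the local copies of the types, the check that a bundle is a JSON object, and the sample input are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
)

// Local copies of the types and sentinel error documented on this page.
type Attestation struct {
	Bundle json.RawMessage `json:"bundle"`
}

type AttestationReply struct {
	Attestations []Attestation `json:"attestations"`
}

var ErrProvenanceNotFoundOrIncomplete = errors.New("provenance not found or incomplete")

// extractBundles is a hypothetical helper (not part of the package). It decodes
// an attestation reply and returns the raw bundles, failing closed when the
// reply has no attestation or any bundle is absent, null, or not a JSON object.
func extractBundles(body []byte) ([]json.RawMessage, error) {
	var reply AttestationReply
	if err := json.Unmarshal(body, &reply); err != nil {
		return nil, fmt.Errorf("decoding attestation reply: %w", err)
	}
	if len(reply.Attestations) == 0 {
		return nil, ErrProvenanceNotFoundOrIncomplete
	}
	bundles := make([]json.RawMessage, 0, len(reply.Attestations))
	for i, att := range reply.Attestations {
		b := bytes.TrimSpace(att.Bundle)
		if len(b) == 0 || b[0] != '{' {
			return nil, fmt.Errorf("attestation %d: %w", i, ErrProvenanceNotFoundOrIncomplete)
		}
		bundles = append(bundles, att.Bundle)
	}
	return bundles, nil
}

func main() {
	// Constructed sample reply; a real bundle is far larger.
	_, err := extractBundles([]byte(`{"attestations":[{"bundle":null}]}`))
	fmt.Println(errors.Is(err, ErrProvenanceNotFoundOrIncomplete), err)
}
```

Wrapping the sentinel with %w keeps errors.Is working for callers while still recording which attestation was incomplete.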
type AuthMethod (added in v0.0.27)
type AuthMethod func(auth *containerAuth)
AuthMethod is an option for containerAuth.
func WithGitHubClient (added in v0.0.27)
func WithGitHubClient(ghClient provifv1.GitHub) AuthMethod
WithGitHubClient sets the GitHub client as an authentication option we want to use during verification.