container

package
v0.0.47 Latest
Warning

This package is not in the latest version of its module.

Published: Apr 16, 2024 License: Apache-2.0 Imports: 25 Imported by: 0

Documentation

Overview

Package container provides the tools to verify a container artifact using sigstore.

Index

Constants

This section is empty.

Variables

var (
	// ErrProvenanceNotFoundOrIncomplete is returned when there's no provenance info (missing .sig or attestation) or
	// has incomplete data
	ErrProvenanceNotFoundOrIncomplete = errors.New("provenance not found or incomplete")
)

Functions

func BuildImageRef

func BuildImageRef(registry, owner, artifact, version string) string

BuildImageRef returns the OCI image reference

func Verify

func Verify(
	ctx context.Context,
	sev *verify.SignedEntityVerifier,
	registry, owner, artifact, version string,
	authOpts ...AuthMethod,
) ([]verifyif.Result, error)

Verify verifies a container artifact using sigstore. isSigned is true only if we were able to find a signature/attestation and it had everything needed to construct the sigstore bundle. isVerified is true only if we were able to verify the constructed bundle against the configured sigstore instance.

Types

type Attestation added in v0.0.27

type Attestation struct {
	Bundle json.RawMessage `json:"bundle"`
}

Attestation is the attestation from the GitHub attestation endpoint

type AttestationReply added in v0.0.27

type AttestationReply struct {
	Attestations []Attestation `json:"attestations"`
}

AttestationReply is the reply from the GitHub attestation endpoint
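The following is an added example, not code from this package: it shows how a caller could decode an attestation reply and use the sentinel error to tell "no provenance" apart from a parse failure. The types and the error are copied locally from the declarations on this page so the block runs offline; `bundlesFromReply` is a hypothetical helper and the sample replies are constructed.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
)

// Local copies of the declarations documented on this page, so the example runs offline.
var ErrProvenanceNotFoundOrIncomplete = errors.New("provenance not found or incomplete")

type Attestation struct {
	Bundle json.RawMessage `json:"bundle"`
}

type AttestationReply struct {
	Attestations []Attestation `json:"attestations"`
}

// bundlesFromReply (hypothetical helper) keeps only entries that actually carry a bundle.
func bundlesFromReply(body []byte) ([]json.RawMessage, error) {
	var reply AttestationReply
	if err := json.Unmarshal(body, &reply); err != nil {
		return nil, fmt.Errorf("decoding attestation reply: %w", err)
	}
	var bundles []json.RawMessage
	for _, a := range reply.Attestations {
		if b := bytes.TrimSpace(a.Bundle); len(b) > 0 && !bytes.Equal(b, []byte("null")) {
			bundles = append(bundles, a.Bundle)
		}
	}
	if len(bundles) == 0 {
		return nil, fmt.Errorf("no usable bundle: %w", ErrProvenanceNotFoundOrIncomplete)
	}
	return bundles, nil
}

func main() {
	// Constructed replies: usable bundle, missing bundle, truncated JSON.
	for _, body := range []string{
		`{"attestations":[{"bundle":{"mediaType":"constructed"}}]}`,
		`{"attestations":[{"bundle":null},{}]}`,
		`{"attestations":`,
	} {
		bundles, err := bundlesFromReply([]byte(body))
		fmt.Println(len(bundles), errors.Is(err, ErrProvenanceNotFoundOrIncomplete), err)
	}
}
```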

type AuthMethod added in v0.0.27

type AuthMethod func(auth *containerAuth)

AuthMethod is an option for containerAuth

func WithGitHubClient added in v0.0.27

func WithGitHubClient(ghClient provifv1.GitHub) AuthMethod

WithGitHubClient sets the GitHub client as an authentication option we want to use during verification
