Affected by GO-2024-2582 and 4 other vulnerabilities

GO-2024-2582: Minder trusts client-provided mapping from repo name to upstream ID in github.com/stacklok/minder

GO-2024-2864: Denial of service of Minder Server with attacker-controlled REST endpoint in github.com/stacklok/minder

GO-2024-2871: Stacklok Minder vulnerable to denial of service from maliciously crafted templates in github.com/stacklok/minder

GO-2024-2885: Denial of service of Minder Server from maliciously crafted GitHub attestations in github.com/stacklok/minder

GO-2024-2934: Minder affected by denial of service from maliciously configured Git repository in github.com/stacklok/minder

sigstore

package

v0.0.25 Latest Latest Go to latest Published: Jan 16, 2024 License: Apache-2.0 Imports: 6 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/stacklok/minder

Links

Open Source Insights

Documentation ¶

Overview ¶

Package sigstore provides a client for verifying artifacts using sigstore

Index ¶

Constants
type Sigstore
- func New(trustedRoot, accessToken, cacheDir string) (*Sigstore, error)
- func (s *Sigstore) VerifyContainer(ctx context.Context, registry, owner, artifact, version string) (json.RawMessage, json.RawMessage, error)

Constants ¶

View Source

const (
	// SigstorePublicTrustedRootRepo is the public trusted root repository for sigstore
	SigstorePublicTrustedRootRepo = "tuf-repo-cdn.sigstore.dev"
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Sigstore ¶

type Sigstore struct {
	// contains filtered or unexported fields
}

Sigstore is the sigstore verifier

func New ¶

func New(trustedRoot, accessToken, cacheDir string) (*Sigstore, error)

New creates a new Sigstore verifier

func (*Sigstore) VerifyContainer ¶

func (s *Sigstore) VerifyContainer(ctx context.Context, registry, owner, artifact, version string) (
	json.RawMessage, json.RawMessage, error)

VerifyContainer verifies a container artifact using sigstore

Source Files ¶

View all Source files

sigstore.go

Directories ¶

Path	Synopsis
container Package container provides the tools to verify a container artifact using sigstore	Package container provides the tools to verify a container artifact using sigstore

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL