Affected by GO-2024-2582 and 4 other vulnerabilities

GO-2024-2582: Minder trusts client-provided mapping from repo name to upstream ID in github.com/stacklok/minder

GO-2024-2864: Denial of service of Minder Server with attacker-controlled REST endpoint in github.com/stacklok/minder

GO-2024-2871: Stacklok Minder vulnerable to denial of service from maliciously crafted templates in github.com/stacklok/minder

GO-2024-2885: Denial of service of Minder Server from maliciously crafted GitHub attestations in github.com/stacklok/minder

GO-2024-2934: Minder affected by denial of service from maliciously configured Git repository in github.com/stacklok/minder

container

package

v0.0.25 Latest Latest Go to latest Published: Jan 16, 2024 License: Apache-2.0 Imports: 22 Imported by: 0

Details

Package container provides the tools to verify a container artifact using sigstore

This section is empty.

This section is empty.

func BuildImageRef(registry, owner, artifact, version string) string

BuildImageRef returns the OCI image reference

func Verify(_ context.Context, sev *verify.SignedEntityVerifier, accessToken, registry, owner, artifact, version string) (
	[]byte, []byte, error)

Verify verifies a container artifact using sigstore

This section is empty.