Concise Reference Integrity Manifest and Module Identifiers
The corim/corim
and corim/comid
packages provide a golang API for low-level manipulation of Concise Reference Integrity Manifest (CoRIM) and Concise Module Identifier (CoMID) tags respectively.
[!NOTE]
These API are still in active development (as is the underlying CoRIM spec).
They are subject to change in the future.
The corim/cocli
package uses the API above (as well as the API from veraison/swid
package) to provide a user friendly command line interface for working with CoRIM, CoMID, CoSWID and CoTS. Specifically it allows creating, signing, verifying, displaying, uploading, and more. See cocli/README.md
for further details.
Developer tips
Before requesting a PR (and routinely during the dev/test cycle), you are encouraged to run:
make presubmit
and check its output to make sure your code coverage figures are in line with the set target and that there are no newly introduced lint problems.
Extending CoRIM/CoMID
The CoRIM specification provides a mechanism for adding extensions to the base
CoRIM schema. The corim
and comid
structs which can be extended, embed an
Extensions
object that allows registering a wrapper structure defining
extension fields. For field types that can be extended, i.e. type choice
,
extensions can be implemented by calling an appropriate registration function
and giving it a new type or a value (for enums).
Please see extensions documentation for details.