Affected by GO-2024-2718 and 3 other vulnerabilities

GO-2024-2718: Cosign malicious attachments can cause system-wide denial of service in github.com/sigstore/cosign

GO-2024-2719: Cosign malicious artifacts can cause machine-wide DoS in github.com/sigstore/cosign

GO-2026-4309: Cosign verification accepts any valid Rekor entry under certain conditions in github.com/sigstore/cosign

GO-2026-4529: Cosign considered signatures valid with expired intermediate certificates when transparency log verification is skipped in github.com/sigstore/cosign

The highest tagged major version is v3.

walk

package

v2.2.2 Latest Latest Go to latest Published: Dec 5, 2023 License: Apache-2.0 Imports: 3 Imported by: 5

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/sigstore/cosign

Links

Open Source Insights

Documentation ¶

Index ¶

func SignedEntity(ctx context.Context, parent oci.SignedEntity, fn Fn) error
type Fn

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func SignedEntity ¶

func SignedEntity(ctx context.Context, parent oci.SignedEntity, fn Fn) error

SignedEntity calls `fn` on the signed entity and each of its constituent entities (`SignedImageIndex` or `SignedImage`) transitively. Any errors returned by an `fn` are returned by `Walk`.

Types ¶

type Fn ¶

type Fn func(context.Context, oci.SignedEntity) error

Fn is the signature of the callback supplied to SignedEntity. The oci.SignedEntity is either an oci.SignedImageIndex or an oci.SignedImage. This callback is called on oci.SignedImageIndex *before* its children.

Source Files ¶

View all Source files

walk.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL