Affected by GO-2026-4309 and 1 other vulnerabilities

GO-2026-4309: Cosign verification accepts any valid Rekor entry under certain conditions in github.com/sigstore/cosign

GO-2026-4529: Cosign considered signatures valid with expired intermediate certificates when transparency log verification is skipped in github.com/sigstore/cosign

The highest tagged major version is v3.

google

package

v2.2.4 Latest Latest Go to latest Published: Apr 10, 2024 License: Apache-2.0 Imports: 7 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/sigstore/cosign

Links

Open Source Insights

Documentation ¶

Overview ¶

Package google defines a google implementation of the providers.Interface.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL