verify

package
v2.6.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 9, 2026 License: Apache-2.0 Imports: 52 Imported by: 12

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AssembleNewBundle added in v2.4.2 

func AssembleNewBundle(ctx context.Context, sigBytes, signedTimestamp []byte, envelope *dsse.Envelope, artifactRef string, cert *x509.Certificate, ignoreTlog bool, sigVerifier signature.Verifier, pkOpts []signature.PublicKeyOption, rekorClient *client.Rekor) (*sgbundle.Bundle, error)

func PrintVerification 

func PrintVerification(ctx context.Context, verified []oci.Signature, output string)

PrintVerification logs details about the verification to stdout

func PrintVerificationHeader 

func PrintVerificationHeader(ctx context.Context, imgRef string, co *cosign.CheckOpts, bundleVerified, fulcioVerified bool)

Types

type VerifyAttestationCommand 

type VerifyAttestationCommand struct {
	options.RegistryOptions
	options.CertVerifyOptions
	options.CommonVerifyOptions
	CheckClaims                  bool
	KeyRef                       string
	CertRef                      string
	CertGithubWorkflowTrigger    string
	CertGithubWorkflowSha        string
	CertGithubWorkflowName       string
	CertGithubWorkflowRepository string
	CertGithubWorkflowRef        string
	CAIntermediates              string
	CARoots                      string
	CertChain                    string
	IgnoreSCT                    bool
	SCTRef                       string
	Sk                           bool
	Slot                         string
	Output                       string
	RekorURL                     string
	PredicateType                string
	Policies                     []string
	LocalImage                   bool
	NameOptions                  []name.Option
	Offline                      bool
	TSACertChainPath             string
	IgnoreTlog                   bool
	MaxWorkers                   int
	UseSignedTimestamps          bool
	HashAlgorithm                crypto.Hash
}

VerifyAttestationCommand verifies a signature on a supplied container image nolint

func (*VerifyAttestationCommand) Exec 

func (c *VerifyAttestationCommand) Exec(ctx context.Context, images []string) (err error)

Exec runs the verification command

type VerifyBlobAttestationCommand 

type VerifyBlobAttestationCommand struct {
	options.KeyOpts
	options.CertVerifyOptions

	CertRef         string
	CertChain       string
	CAIntermediates string
	CARoots         string
	TrustedRootPath string

	CertGithubWorkflowTrigger    string
	CertGithubWorkflowSHA        string
	CertGithubWorkflowName       string
	CertGithubWorkflowRepository string
	CertGithubWorkflowRef        string

	IgnoreSCT  bool
	SCTRef     string
	Offline    bool
	IgnoreTlog bool

	CheckClaims   bool
	PredicateType string

	SignaturePath       string // Path to the signature
	UseSignedTimestamps bool

	Digest        string
	DigestAlg     string
	HashAlgorithm crypto.Hash
}

VerifyBlobAttestationCommand verifies an attestation on a supplied blob nolint

func (*VerifyBlobAttestationCommand) Exec 

func (c *VerifyBlobAttestationCommand) Exec(ctx context.Context, artifactPath string) (err error)

Exec runs the verification command

type VerifyBlobCmd 

type VerifyBlobCmd struct {
	options.KeyOpts
	options.CertVerifyOptions
	CertRef                      string
	CAIntermediates              string
	CARoots                      string
	CertChain                    string
	SigRef                       string
	TrustedRootPath              string
	CertGithubWorkflowTrigger    string
	CertGithubWorkflowSHA        string
	CertGithubWorkflowName       string
	CertGithubWorkflowRepository string
	CertGithubWorkflowRef        string
	IgnoreSCT                    bool
	SCTRef                       string
	Offline                      bool
	UseSignedTimestamps          bool
	IgnoreTlog                   bool
	HashAlgorithm                crypto.Hash
}

nolint

func (*VerifyBlobCmd) Exec 

func (c *VerifyBlobCmd) Exec(ctx context.Context, blobRef string) error

nolint

type VerifyCommand 

type VerifyCommand struct {
	options.RegistryOptions
	options.CertVerifyOptions
	options.CommonVerifyOptions
	CheckClaims                  bool
	KeyRef                       string
	CertRef                      string
	CertGithubWorkflowTrigger    string
	CertGithubWorkflowSha        string
	CertGithubWorkflowName       string
	CertGithubWorkflowRepository string
	CertGithubWorkflowRef        string
	CAIntermediates              string
	CARoots                      string
	CertChain                    string
	CertOidcProvider             string
	IgnoreSCT                    bool
	SCTRef                       string
	Sk                           bool
	Slot                         string
	Output                       string
	RekorURL                     string
	Attachment                   string
	Annotations                  sigs.AnnotationsMap
	SignatureRef                 string
	PayloadRef                   string
	HashAlgorithm                crypto.Hash
	LocalImage                   bool
	NameOptions                  []name.Option
	Offline                      bool
	TSACertChainPath             string
	UseSignedTimestamps          bool
	IgnoreTlog                   bool
	MaxWorkers                   int
	ExperimentalOCI11            bool
	NewBundleFormat              bool
}

VerifyCommand verifies a signature on a supplied container image nolint

func (*VerifyCommand) Exec 

func (c *VerifyCommand) Exec(ctx context.Context, images []string) (err error)

Exec runs the verification command

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.