GO-2026-4529: Cosign considered signatures valid with expired intermediate certificates when transparency log verification is skipped in github.com/sigstore/cosign

The highest tagged major version is v3.

remote

package

v2.6.3 Latest Latest Go to latest Published: Apr 6, 2026 License: Apache-2.0 Imports: 1 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/sigstore/cosign

Links

Open Source Insights

Documentation ¶

Index ¶

func ArtifactType(attName string) string

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func ArtifactType ¶

func ArtifactType(attName string) string

ArtifactType converts a attachment name (sig/sbom/att/etc.) into a valid artifactType (OCI 1.1+).

Types ¶

This section is empty.

Source Files ¶

View all Source files

remote.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL