Affected by GO-2024-2718 and 3 other vulnerabilities

GO-2024-2718: Cosign malicious attachments can cause system-wide denial of service in github.com/sigstore/cosign

GO-2024-2719: Cosign malicious artifacts can cause machine-wide DoS in github.com/sigstore/cosign

GO-2026-4309: Cosign verification accepts any valid Rekor entry under certain conditions in github.com/sigstore/cosign

GO-2026-4529: Cosign considered signatures valid with expired intermediate certificates when transparency log verification is skipped in github.com/sigstore/cosign

The highest tagged major version is v3.

upload

package

v1.13.6 Latest Latest Go to latest Published: Mar 21, 2024 License: Apache-2.0 Imports: 11 Imported by: 1

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/sigstore/cosign

Links

Open Source Insights

Documentation ¶

Index ¶

func BlobCmd(ctx context.Context, regOpts options.RegistryOptions, files []cremote.File, ...) error
func WasmCmd(ctx context.Context, regOpts options.RegistryOptions, ...) error

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func BlobCmd ¶

func BlobCmd(ctx context.Context, regOpts options.RegistryOptions, files []cremote.File, annotations map[string]string, contentType, imageRef string) error

func WasmCmd ¶

func WasmCmd(ctx context.Context, regOpts options.RegistryOptions, wasmPath, imageRef string) error

Types ¶

This section is empty.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL