Affected by GO-2023-2332 and 1 other vulnerabilities

GO-2023-2332: Gitsign's Rekor public keys fetched from upstream API instead of local TUF client. in github.com/sigstore/gitsign

GO-2024-3252: gitsign may use incorrect Rekor entries during verification in github.com/sigstore/gitsign

root

package

v0.7.1 Latest Latest Go to latest Published: May 22, 2023 License: Apache-2.0 Imports: 19 Imported by: 0

Details

This section is empty.

This section is empty.

func New(cfg *config.Config) *cobra.Command

This section is empty.