cosign icon indicating copy to clipboard operation
cosign copied to clipboard

Published 20 hours ago verified publisher icon sigstore

Refactor cosign verification logic into a package

Open steiza opened this issue 2 years ago • 0 comments
trafficstars

Description

We would like there to be a relatively compact Go library that people can use for Sigstore bundle verification, instead of having to depend on all of sigstore/cosign.

In this iteration, the library will continue to live in sigstore/cosign, but its eventual destination is sigstore/sigstore-go (as we figure out what the API there should look like: https://github.com/sigstore/sigstore-go/issues/35).

steiza avatar Apr 17 '23 17:04 steiza