sigstore-js icon indicating copy to clipboard operation
sigstore-js copied to clipboard

Published 20 hours ago verified publisher icon sigstore

Support online/offline Rekor bundle verification

Open bdehamer opened this issue 1 year ago • 1 comments

Description

Part of the verification workflow should include verifying the Rekor entry. This should include support for both the offline case (where a rekor bundle is provided) and the online case (where the rekor bundle is looked-up in the transparency log).

Essentially, need to mimic the logic implemented in cosign here.

bdehamer avatar Aug 10 '22 23:08 bdehamer