sigstore-js
sigstore-js copied to clipboard
Support online/offline Rekor bundle verification
Description
Part of the verification workflow should include verifying the Rekor entry. This should include support for both the offline case (where a rekor bundle is provided) and the online case (where the rekor bundle is looked-up in the transparency log).
Essentially, need to mimic the logic implemented in cosign here.