@alopez-suse alopez-suse commented Apr 14, 2023

Sigstore Interface Binary - Initial Implementation

Initial implementation of the standalone verification binary that the scanner will execute. Accepts a config file containing a target image digest, verifier parameters, and signature data. Returns a list of verifiers for which there are satisfactory signatures.

Features

  • Defined API
  • Keyless verification
  • Local key-pair verification
  • Custom root trust
    • Rekor public key(s)
    • Root cert
    • SCT public key(s)
  • README

@alopez-suse

The two important files are main.go and testing/serialize-signature.go. The first holds the implementation, the second is a script that will serialize an OCI image containing the cosign signatures for a given image reference. These serialized signatures are one of the two arguments passed to the verification binary.

@alopez-suse alopez-suse changed the title from "NVSHAS-6217: initial verification binary" to "NVSHAS-6217: Sigstore Interface Binary - Initial Implementation" Apr 19, 2023
@becitsthere becitsthere merged commit 032db34 into neuvector:main May 9, 2023