v0.4.0

Overview

• Added new sub-commands:
  • gitsign show - Prints out in-toto Statement for the specified commit.
  • gitsign attest - Stores attestations for a commit / tree in the repository.
• Fixed timestamp authority verification.
• Rekor Log entry now displayed on successful sign.
• Added fulcioRoot option for configuring private Sigstore instances.

What's Changed

• Bump github.com/sigstore/sigstore from 1.4.2 to 1.4.3 by @dependabot in #160
• Bump github.com/sigstore/cosign from 1.12.1 to 1.13.0 by @dependabot in #159
• Bump sigstore/cosign-installer from 2.7.0 to 2.8.0 by @dependabot in #158
• Bump actions/cache from 3.0.9 to 3.0.10 by @dependabot in #157
• Bump actions/checkout from 3.0.2 to 3.1.0 by @dependabot in #156
• Change limitations section to FAQ. by @wlynch in #161
• Wire up timestamp authorities option to config. by @wlynch in #162
• Bump github.com/sigstore/sigstore from 1.4.3 to 1.4.4 by @dependabot in #165
• Bump github.com/go-openapi/runtime from 0.24.1 to 0.24.2 by @dependabot in #164
• Bump actions/cache from 3.0.10 to 3.0.11 by @dependabot in #163
• Temporarily remove TSA e2e test. by @wlynch in #168
• Refactor git commit verification into its own interface. by @wlynch in #167
• Add fulcio root config option. by @wlynch in #170
• [attest] Fix spdx generation by passing through correct attestation type by @wlynch in #171
• Remove provenance type check. by @wlynch in #172
• add logo by @bobcallaway in #173
• Bump github.com/sigstore/fulcio from 0.6.0 to 1.0.0 by @dependabot in #178
• Bump sigstore/cosign-installer from 2.8.0 to 2.8.1 by @dependabot in #177
• Bump golangci/golangci-lint-action from 3.2.0 to 3.3.0 by @dependabot in #174
• Bump goreleaser/goreleaser-action from 3.1.0 to 3.2.0 by @dependabot in #175
• Bump github.com/sigstore/rekor from 0.12.2 to 1.0.0 by @dependabot in #179
• Bump actions/setup-go from 3.3.0 to 3.3.1 by @dependabot in #176
• Bump github.com/sigstore/cosign from 1.13.0 to 1.13.1 by @dependabot in #180
• README: fix typos. by @wlynch in #181
• Bump anchore/sbom-action from 0.12.0 to 0.13.0 by @dependabot in #182
• Print tlog entry on successful Rekor upload. by @wlynch in #183
• Bump anchore/sbom-action from 0.13.0 to 0.13.1 by @dependabot in #184
• Refactor commands with Cobra. by @wlynch in #185
• Bump github.com/sigstore/rekor from 1.0.0 to 1.0.1 by @dependabot in #188
• Bump github.com/spf13/cobra from 1.6.0 to 1.6.1 by @dependabot in #187
• Bump golangci/golangci-lint-action from 3.3.0 to 3.3.1 by @dependabot in #186
• bump golangci-lint to 1.50.1 by @cpanato in #189
• Add gitsign show subcommand. by @wlynch in #191
• fix typo: ommits by @imjasonh in #193
• Generate CLI docs. by @wlynch in #192
• Fix Timestamp Authority verification by @wlynch in #196
• Port gitsign-attest to cobra subcommand. by @wlynch in #195

New Contributors

• @bobcallaway made their first contribution in #173

Full Changelog: v0.3.2...v0.4.0