v0.4.0
Overview
- Added new sub-commands:
gitsign show
- Prints out in-toto Statement for the specified commit.gitsign attest
- Stores attestations for a commit / tree in the repository.
- Fixed timestamp authority verification.
- Rekor Log entry now displayed on successful sign.
- Added
fulcioRoot
option for configuring private Sigstore instances.
What's Changed
- Bump github.com/sigstore/sigstore from 1.4.2 to 1.4.3 by @dependabot in #160
- Bump github.com/sigstore/cosign from 1.12.1 to 1.13.0 by @dependabot in #159
- Bump sigstore/cosign-installer from 2.7.0 to 2.8.0 by @dependabot in #158
- Bump actions/cache from 3.0.9 to 3.0.10 by @dependabot in #157
- Bump actions/checkout from 3.0.2 to 3.1.0 by @dependabot in #156
- Change limitations section to FAQ. by @wlynch in #161
- Wire up timestamp authorities option to config. by @wlynch in #162
- Bump github.com/sigstore/sigstore from 1.4.3 to 1.4.4 by @dependabot in #165
- Bump github.com/go-openapi/runtime from 0.24.1 to 0.24.2 by @dependabot in #164
- Bump actions/cache from 3.0.10 to 3.0.11 by @dependabot in #163
- Temporarily remove TSA e2e test. by @wlynch in #168
- Refactor git commit verification into its own interface. by @wlynch in #167
- Add fulcio root config option. by @wlynch in #170
- [attest] Fix spdx generation by passing through correct attestation type by @wlynch in #171
- Remove provenance type check. by @wlynch in #172
- add logo by @bobcallaway in #173
- Bump github.com/sigstore/fulcio from 0.6.0 to 1.0.0 by @dependabot in #178
- Bump sigstore/cosign-installer from 2.8.0 to 2.8.1 by @dependabot in #177
- Bump golangci/golangci-lint-action from 3.2.0 to 3.3.0 by @dependabot in #174
- Bump goreleaser/goreleaser-action from 3.1.0 to 3.2.0 by @dependabot in #175
- Bump github.com/sigstore/rekor from 0.12.2 to 1.0.0 by @dependabot in #179
- Bump actions/setup-go from 3.3.0 to 3.3.1 by @dependabot in #176
- Bump github.com/sigstore/cosign from 1.13.0 to 1.13.1 by @dependabot in #180
- README: fix typos. by @wlynch in #181
- Bump anchore/sbom-action from 0.12.0 to 0.13.0 by @dependabot in #182
- Print tlog entry on successful Rekor upload. by @wlynch in #183
- Bump anchore/sbom-action from 0.13.0 to 0.13.1 by @dependabot in #184
- Refactor commands with Cobra. by @wlynch in #185
- Bump github.com/sigstore/rekor from 1.0.0 to 1.0.1 by @dependabot in #188
- Bump github.com/spf13/cobra from 1.6.0 to 1.6.1 by @dependabot in #187
- Bump golangci/golangci-lint-action from 3.3.0 to 3.3.1 by @dependabot in #186
- bump golangci-lint to 1.50.1 by @cpanato in #189
- Add
gitsign show
subcommand. by @wlynch in #191 - fix typo: ommits by @imjasonh in #193
- Generate CLI docs. by @wlynch in #192
- Fix Timestamp Authority verification by @wlynch in #196
- Port gitsign-attest to cobra subcommand. by @wlynch in #195
New Contributors
- @bobcallaway made their first contribution in #173
Full Changelog: v0.3.2...v0.4.0