sigstore-conformance is a conformance test suite for Sigstore clients. This release contains a new in-toto signing test and a related small change to the client-under-test CLI.
Changes in client-under-test CLI protocol
--in-totooption was added to thesign-bundlecommand: see details in CLI protocol reference- Clients that do not support signing DSSE envelopes can choose to xfail
test_sign_verify_dsseinstead
Improvements
- Added a test for signing in-toto statements in DSSE envelopes (#325)
- Improved reporting for https://sigstore.github.io/sigstore-conformance/ (#323)