0.01
The project is in a healthy, maintained state
A CLI interface to the sigstore ruby client
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Dependencies

Runtime

= 0.2.1
>= 0
 Project Readme

Sigstore

This is a pure Ruby implementation of the sigstore verify command from the sigstore/cosign project. It is intended to be used as a library in other Ruby projects, in additional to a gem subcommand. The project also contains a TUF client implementation, given TUF is a part of the sigstore verification flow.

Usage

$ gem sigstore_cosign_verify_bundle --bundle a.txt.sigstore \
    --certificate-identity https://github.com/sigstore-conformance/extremely-dangerous-public-oidc-beacon/.github/workflows/extremely-dangerous-oidc-beacon.yml@refs/heads/main \
    --certificate-oidc-issuer https://token.actions.githubusercontent.com \
    a.txt

Development

After checking out the repo, run bin/setup to install dependencies. Then, run rake test-unit to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and the created tag, and push the .gem file to rubygems.org.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/sigstore/sigstore-ruby.

License

The gem is available as open source under the terms of the Apache 2.