sigstore-go - Sigstore tool
-artifact string
- Path to artifact to verify
-artifact-digest string
- Hex-encoded digest of artifact to verify
-artifact-digest-algorithm string
- Digest algorithm (default "sha256")
-expectedIssuer string
- The expected OIDC issuer for the signing certificate
-expectedIssuerRegex string
- The expected OIDC issuer for the signing certificate
-expectedSAN string
- The expected identity in the signing certificate's SAN extension
-expectedSANRegex string
- The expected identity in the signing certificate's SAN extension
-minBundleVersion string
- Minimum acceptable bundle version (e.g. '0.1')
-onlineTlog
- Verify Artifact Transparency log entry online (Rekor)
-publicKey string
- Path to trusted public key
-requireCTlog
- Require Certificate Transparency log entry (default true)
-requireTimestamp
- Require either an RFC3161 signed timestamp or log entry integrated
timestamp (default true)
-requireTlog
- Require Artifact Transparency log entry (Rekor) (default true)
-trustedrootJSONpath string
- Path to trustedroot JSON file (default
"examples/trusted-root-public-good.json")
-tufRootURL string
- URL of TUF root containing trusted root JSON file
-tufTrustedRoot string
- Path to the trusted TUF root.json to bootstrap trust in the remote TUF
repository