Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: audit signatures verifies attestations #6153

Merged
merged 2 commits into from
Feb 14, 2023
Merged

feat: audit signatures verifies attestations #6153

merged 2 commits into from
Feb 14, 2023

Commits on Feb 14, 2023

  1. deps: [email protected]

    Signed-off-by: Philip Harrison <[email protected]>
    feelepxyz committed Feb 14, 2023
    Configuration menu
    Copy the full SHA
    935e003 View commit details
    Browse the repository at this point in the history
  2. feat: audit signatures verifies attestations

    Update `audit signatures` to also verify Sigstore attestations.
    
    Additional changes:
    - Adding error message to json error output as there are a lot of different failure cases with signature verification that would be hard to debug without this
    - Adding predicateType to json error output for attestations to diffentiate between provenance and publish attestations
    
    References:
    - Pacote changes: npm/pacote#259
    - RFC: npm/rfcs#626
    
    Signed-off-by: Philip Harrison <[email protected]>
    feelepxyz committed Feb 14, 2023
    Configuration menu
    Copy the full SHA
    e081d67 View commit details
    Browse the repository at this point in the history