https://deploy-preview-426--docssigstore.netlify.app/language_clients/Recent content in Language Clients onHugo -- gohugo.ioSun, 06 Oct 2024 08:49:15 +0000https://deploy-preview-426--docssigstore.netlify.app/language_clients/language_client_overview/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-426--docssigstore.netlify.app/language_clients/language_client_overview/Sigstore uses Cosign to sign and verify packages by default, but you can opt to use a language specific client instead. Language client summaries are available in the main Sigstore documentation, but complete documentation is hosted in the individual project repositories. Language Client Summary Project Repository Go sigstore-go Java sigstore-java Javascript sigstore-js Python sigstore-python Ruby sigstore-ruby Rust sigstore-rshttps://deploy-preview-426--docssigstore.netlify.app/language_clients/go/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-426--docssigstore.netlify.app/language_clients/go/sigstore-go is the Go language client library for Sigstore. sigstore-go is intended as a minimal dependency library for signing and verifying. It’s not intended to replace Cosign, which provides a CLI with many features for interacting with Sigstore. Over time, cosign will use sigstore-go for verification. Friendly API for integrating Go code with Sigstore Smaller dependency tree Focuses on newly specified data structures in sigstore/protobuf-specs Perfect for simple signing and verififcation tasks sigstore-go is currently in beta.https://deploy-preview-426--docssigstore.netlify.app/language_clients/java/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-426--docssigstore.netlify.app/language_clients/java/sigstore-java is a java client for interacting with the Sigstore infrastructure. Features # Maven and Gradle signing plugins Keyless signing and verifying Java native signing and verifying API Installation # Release information for the Java client is available here. We recommend using the latest version for your install. Maven # Requires Java 11 <plugin> <groupId>dev.sigstore</groupId> <artifactId>sigstore-maven-plugin</artifactId> <version>1.0.0</version> <executions> <execution> <id>sign</id> <goals> <goal>sign</goal> </goals> </execution> </executions> </plugin> More information on the Maven build plugin is available in the project repository.https://deploy-preview-426--docssigstore.netlify.app/language_clients/javascript/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-426--docssigstore.netlify.app/language_clients/javascript/sigstore-js is a collection of javascript libraries for interacting with Sigstore. The main package,sigstore, is a JavaScript library for generating and verifying Sigstore signatures. One of the intended uses is to sign and verify npm packages but it can be used to sign and verify any file. Full project documentation can be found in the sigstore-js project README and in each package README. Features # Support for signing using an OpenID Connect identity Support for publishing signatures to a Rekor instance Support for verifying Sigstore bundles Installation # sigstore requires Node.https://deploy-preview-426--docssigstore.netlify.app/language_clients/python/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-426--docssigstore.netlify.app/language_clients/python/sigstore is a Python tool for generating and verifying Sigstore signatures. You can use it to sign and verify Python package distributions, or anything else! Full project documentation can be found in the sigstore-python project README and our API documentation. Features # Support for keyless signature generation and verification with Sigstore Support for signing with “ambient” OpenID Connect identities A comprehensive CLI and corresponding importable Python API An official GitHub Action Installation # Language client Installation # sigstore requires Python 3.https://deploy-preview-426--docssigstore.netlify.app/language_clients/ruby/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-426--docssigstore.netlify.app/language_clients/ruby/sigstore is a pure-ruby implementation of Sigstore signature verification. The project repository can be found here. Features # Pure Ruby implementation of sigstore sign and sigstore verify command from the Cosign project gem subcommand TUF client implementation Installation # sigstore requires Ruby version 3.1.0 or greater. This gem is under active development, and will not be considered stable until the 1.0 release. Release information is available here. Add Sigstore to your Gemfile:https://deploy-preview-426--docssigstore.netlify.app/language_clients/rust/Mon, 01 Jan 0001 00:00:00 +0000https://deploy-preview-426--docssigstore.netlify.app/language_clients/rust/sigstore is a crate designed to interact with Sigstore architecture. This crate is under active development, and will not be considered stable until the 1.0 release. Features # Container and binary signing and verification Fulcio integration including an OpenID Connect API All Rekor client APIs can be leveraged to interact with the transparency log Cryptographic key management Installation # Run the following command in your project directory: cargo add sigstore Or add the following to your Cargo.