Ruby

sigstore is a pure-ruby implementation of Sigstore signature verification.

The project repository can be found here.

Features

  • Pure Ruby implementation of the sigstore sign and sigstore verify commands from the Cosign project
  • gem subcommand
  • TUF client implementation

Installation

sigstore requires Ruby version 3.1.0 or greater.

This gem is under active development, and will not be considered stable until the 1.0 release.

Release information is available here.

Add sigstore to your Gemfile:

gem 'sigstore', '~> 0.1.1'

Install sigstore:

gem install sigstore

Example

gem sigstore_cosign_verify_bundle --bundle a.txt.sigstore \
    --certificate-identity https://github.com/sigstore-conformance/extremely-dangerous-public-oidc-beacon/.github/workflows/extremely-dangerous-oidc-beacon.yml@refs/heads/main \
    --certificate-oidc-issuer https://token.actions.githubusercontent.com \
    a.txt
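
The two flags in the example above pin which Fulcio-issued signing certificate the bundle must carry: --certificate-identity is compared with the certificate's subjectAltName URI and --certificate-oidc-issuer with Fulcio's issuer extension, and a mismatch on either must fail verification. The stand-alone Ruby script below is an added illustration, not the gem's own code: it builds a constructed certificate carrying those two fields with Ruby's OpenSSL library and applies the same identity check, including both mismatch cases; it assumes the legacy Fulcio issuer OID 1.3.6.1.4.1.57264.1.1, whose value is the raw issuer string.

```ruby
require "openssl"

# Fulcio "Issuer" extension OID. This is the legacy form whose value is the raw
# issuer string; newer certificates also carry a DER-wrapped V2 variant (...1.8).
FULCIO_ISSUER_OID = "1.3.6.1.4.1.57264.1.1"

# Constructed test fixture: a self-signed leaf shaped like a Fulcio signing
# certificate (empty subject, identity in the SAN URI, OIDC issuer in the
# Fulcio extension). Not a real Fulcio certificate.
def constructed_signing_cert(identity, issuer)
  key  = OpenSSL::PKey::EC.generate("prime256v1")
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = OpenSSL::X509::Name.new
  cert.issuer     = OpenSSL::X509::Name.new
  cert.public_key = key
  cert.not_before = Time.now
  cert.not_after  = cert.not_before + 600 # Fulcio certificates are short-lived
  ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
  cert.add_extension(ef.create_extension("subjectAltName", "URI:#{identity}", true))
  cert.add_extension(OpenSSL::X509::Extension.new(FULCIO_ISSUER_OID, issuer))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
end

# Pull out the two claims an identity policy is matched against.
def signing_claims(cert)
  san = cert.extensions.find { |e| e.oid == "subjectAltName" }
  identities = san ? san.value.split(", ").grep(/\AURI:/).map { |v| v.delete_prefix("URI:") } : []
  issuer_ext = cert.extensions.find { |e| e.oid == FULCIO_ISSUER_OID }
  { identities: identities, issuer: issuer_ext&.value_der }
end

# Mirror of the CLI policy: the issuer and the exact identity must both match.
# Returns :ok, :issuer_mismatch or :identity_mismatch.
def verify_identity(cert, expected_identity:, expected_issuer:)
  claims = signing_claims(cert)
  return :issuer_mismatch   unless claims[:issuer] == expected_issuer
  return :identity_mismatch unless claims[:identities].include?(expected_identity)
  :ok
end

IDENTITY = "https://github.com/sigstore-conformance/extremely-dangerous-public-oidc-beacon/" \
           ".github/workflows/extremely-dangerous-oidc-beacon.yml@refs/heads/main"
ISSUER   = "https://token.actions.githubusercontent.com"

if $PROGRAM_NAME == __FILE__
  cert = constructed_signing_cert(IDENTITY, ISSUER)
  puts verify_identity(cert, expected_identity: IDENTITY, expected_issuer: ISSUER)                         # ok
  puts verify_identity(cert, expected_identity: IDENTITY, expected_issuer: "https://accounts.google.com") # issuer_mismatch
  puts verify_identity(cert, expected_identity: IDENTITY.sub("heads/main", "heads/dev"), expected_issuer: ISSUER) # identity_mismatch
end
```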