rekor

package

v0.0.0-...-dec600e Latest Latest Go to latest Published: Apr 30, 2024 License: Apache-2.0 Imports: 33 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/sigstore/rekor-monitor

Links

Open Source Insights

Documentation ¶

Index ¶

func GetEntriesByIndexRange(ctx context.Context, rekorClient *client.Rekor, start, end int) ([]models.LogEntry, error)
func GetLogInfo(ctx context.Context, rekorClient *client.Rekor) (*models.LogInfo, error)
func GetLogVerifier(ctx context.Context, rekorClient *client.Rekor) (signature.Verifier, error)
func GetPublicKey(ctx context.Context, rekorClient *client.Rekor) ([]byte, error)
type CertificateIdentity
type IdentityEntry
- func MatchedIndices(logEntries []models.LogEntry, mvs MonitoredValues) ([]IdentityEntry, error)
- func (e *IdentityEntry) String() string
type MonitoredValues

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func GetEntriesByIndexRange ¶

func GetEntriesByIndexRange(ctx context.Context, rekorClient *client.Rekor, start, end int) ([]models.LogEntry, error)

GetEntriesByIndexRange fetches all entries by log index, from (start, end] If start == end, returns a single entry for that index Returns error if start > end

func GetLogInfo ¶

func GetLogInfo(ctx context.Context, rekorClient *client.Rekor) (*models.LogInfo, error)

GetLogInfo fetches a stable checkpoint for each log shard

func GetLogVerifier ¶

func GetLogVerifier(ctx context.Context, rekorClient *client.Rekor) (signature.Verifier, error)

GetLogVerifier creates a verifier from the log's public key TODO: Fetch the public key from TUF

func GetPublicKey ¶

func GetPublicKey(ctx context.Context, rekorClient *client.Rekor) ([]byte, error)

GetPublicKey fetches the current public key from Rekor

Types ¶

type CertificateIdentity ¶

type CertificateIdentity struct {
	CertSubject string   `yaml:"certSubject"`
	Issuers     []string `yaml:"issuers"`
}

CertificateIdentity holds a certificate subject and an optional list of identity issuers

type IdentityEntry ¶

type IdentityEntry struct {
	CertSubject string
	Issuer      string
	Fingerprint string
	Subject     string
	Index       int64
	UUID        string
}

IdentityEntry holds a certificate subject, issuer, and log entry metadata

func MatchedIndices ¶

func MatchedIndices(logEntries []models.LogEntry, mvs MonitoredValues) ([]IdentityEntry, error)

MatchedIndices returns a list of log indices that contain the requested identities.

func (*IdentityEntry) String ¶

func (e *IdentityEntry) String() string

type MonitoredValues ¶

type MonitoredValues struct {
	// CertificateIdentities contains a list of subjects and issuers
	CertificateIdentities []CertificateIdentity `yaml:"certIdentities"`
	// Fingerprints contains a list of key fingerprints. Values are as follows:
	// For keys, certificates, and minisign, hex-encoded SHA-256 digest
	// of the DER-encoded PKIX public key or certificate
	// For SSH and PGP, the standard for each ecosystem:
	// For SSH, unpadded base-64 encoded SHA-256 digest of the key
	// For PGP, hex-encoded SHA-1 digest of a key, which can be either
	// a primary key or subkey
	Fingerprints []string `yaml:"fingerprints"`
	// Subjects contains a list of subjects that are not specified in a
	// certificate, such as a SSH key or PGP key email address
	Subjects []string `yaml:"subjects"`
}

MonitoredValues holds a set of values to compare against a given entry

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
mock

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL