github.com/notaryproject/notation-go
Category: module, package
1.2.1
Repository: https://github.com/notaryproject/notation-go.git
Documentation: pkg.go.dev

# README

notation-go

notation-go contains libraries for signing and verifying artifacts as per the Notary Project specifications. The notation CLI uses notation-go to sign and verify artifacts.

notation-go reached a stable release as of July 2023 and continues to be actively developed and maintained.

Please visit the README to learn more about the Notary Project.

Note: The Notary Project documentation is available here.

Documentation

Library documentation is available at Go Reference.

Code of Conduct

This project has adopted the CNCF Code of Conduct. See CODE_OF_CONDUCT.md for further details.

License

This project is covered under the Apache 2.0 license. You can read the license here.

# Packages

Package config provides the ability to load and save config.json and signingkeys.json.
Package dir implements Notation directory structure.
Package log provides logging functionality to notation.
Package plugin provides the tooling to use the notation plugin.
Package registry provides access to signatures in a registry.
Package signer provides notation signing functionality.
Package verifier provides an implementation of notation.Verifier interface.

# Functions

Sign signs the OCI artifact and pushes the signature to the Repository.
Verify performs signature verification on each of the notation supported verification types (like integrity, authenticity, etc.) and returns the successful signature verification outcome.

# Structs

ErrorNoApplicableTrustPolicy is used when there is no trust policy that applies to the given artifact.
ErrorPushSignatureFailed is used when pushing the signature to the target registry fails.
ErrorSignatureRetrievalFailed is used when notation is unable to retrieve the digital signature/s for the given artifact.
ErrorUserMetadataVerificationFailed is used when the signature does not contain the user specified metadata.
ErrorVerificationFailed is used when it is determined that the digital signature/s is not valid for the given artifact.
ErrorVerificationInconclusive is used when signature verification fails due to a runtime error (e.g.
SignerSignOptions contains parameters for Signer.Sign.
SignOptions contains parameters for notation.Sign.
ValidationResult encapsulates the verification result (passed or failed) for a verification type, including the desired verification action as specified in the trust policy.
VerificationOutcome encapsulates a signature envelope blob, its content, the verification level and results for each verification type that was performed.
VerifierVerifyOptions contains parameters for Verifier.Verify used for verifying OCI artifact.
VerifyOptions contains parameters for notation.Verify.

# Interfaces

Signer is a generic interface for signing an OCI artifact.
Verifier is an interface for verifying an OCI artifact.