{"id":17604303,"url":"https://github.com/sigstore/sigstore-rs","last_synced_at":"2025-10-05T01:46:43.461Z","repository":{"id":37927790,"uuid":"413517218","full_name":"sigstore/sigstore-rs","owner":"sigstore","description":"An experimental Rust crate for sigstore","archived":false,"fork":false,"pushed_at":"2025-09-22T09:09:27.000Z","size":1580,"stargazers_count":203,"open_issues_count":50,"forks_count":61,"subscribers_count":11,"default_branch":"main","last_synced_at":"2025-09-22T09:31:41.358Z","etag":null,"topics":["rust-lang","rust-libraries","sigstore"],"latest_commit_sha":null,"homepage":"https://docs.rs/sigstore/latest/sigstore/","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sigstore.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":"COPYRIGHT.txt","agents":null,"dco":null,"cla":null}},"created_at":"2021-10-04T17:17:07.000Z","updated_at":"2025-09-22T07:42:47.000Z","dependencies_parsed_at":"2023-02-19T00:31:21.707Z","dependency_job_id":"e1d002ea-f70e-4f3b-809e-127aefc5634a","html_url":"https://github.com/sigstore/sigstore-rs","commit_stats":{"total_commits":460,"total_committers":37,"mean_commits":"12.432432432432432","dds":0.7304347826086957,"last_synced_commit":"3be9e52c016c0b204b7958018efaf77541d70951"},"previous_names":[],"tags_count":24,"template":false,"template_full_name":null,"purl":"pkg:github/sigstore/sigstore-rs","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sigstore%2Fsigstore-rs","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sigstore%2Fsigstore-rs/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sigstore%2Fsigstore-rs/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sigstore%2Fsigstore-rs/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sigstore","download_url":"https://codeload.github.com/sigstore/sigstore-rs/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sigstore%2Fsigstore-rs/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278399606,"owners_count":25980331,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-04T02:00:05.491Z","response_time":63,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["rust-lang","rust-libraries","sigstore"],"created_at":"2024-10-22T14:08:46.153Z","updated_at":"2025-10-05T01:46:43.445Z","avatar_url":"https://github.com/sigstore.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"Continuous integration | Docs | License | Crate version | Crate downloads\n ----------------------|------|---------|---------------|-----------------\n [![Continuous integration](https://github.com/sigstore/sigstore-rs/actions/workflows/tests.yml/badge.svg)](https://github.com/sigstore/sigstore-rs/actions/workflows/tests.yml) | [![Docs](https://img.shields.io/badge/docs-%20-blue)](https://docs.rs/sigstore/latest/sigstore) |  [![License: Apache 2.0](https://img.shields.io/badge/License-Apache2.0-brightgreen.svg)](https://opensource.org/licenses/Apache-2.0) | [![Crate version](https://img.shields.io/crates/v/sigstore?style=flat-square)](https://crates.io/crates/sigstore) | [![Crate downloads](https://img.shields.io/crates/d/sigstore?style=flat-square)](https://crates.io/crates/sigstore)\n\n\nA crate to interact with [sigstore](https://sigstore.dev/).\n\nThis crate is under active development and will not be considered\nstable until the 1.0 release.\n\n## Features\n\n### Cosign Sign and Verify\n\nThe crate implements the following verification mechanisms:\n\n  * Sign using a cosign key and store the signature in a registry\n  * Verify using a given key\n  * Verify bundle produced by transparency log (Rekor)\n  * Verify signature produced in keyless mode, using Fulcio Web-PKI\n\nSignature annotations and certificate email can be provided at verification time.\n\n### Fulcio Integration\n\nFor use with Fulcio ephemeral key signing, an OpenID connect API is available,\nalong with a fulcio client implementation.\n\n### Rekor Client\n\nAll rekor client APIs can be leveraged to interact with the transparency log.\n\n### Key Interface\n\nCryptographic key management with the following key interfaces:\n\n* Generate a key pair\n* Sign data\n* Verify signature\n* Export public / (encrypted) private key in PEM / DER format\n* Import public / (encrypted) private key in PEM / DER format\n\n#### Known limitations\n\n* The crate does not handle verification of attestations yet.\n\n## Examples\n\nThe `examples` directory contains demo programs using the library.\n\n  * [`openidflow`](examples/openidflow/README.md)\n  * [`key_interface`](examples/key_interface/README.md)\n  * [`rekor`](examples/rekor/README.md)\n  * [`cosign/verify`](examples/cosign/verify/README.md)\n  * [`cosign/verify-blob`](examples/cosign/verify-blob/README.md)\n  * [`cosign/verify-bundle`](examples/cosign/verify-bundle/README.md)\n  * [`cosign/sign`](examples/cosign/sign/README.md)\n\nEach example can be executed with the `cargo run --example \u003cname\u003e` command.\n\nFor example, `openidconnect` can be run with the following command:\n\n```bash\ncargo run --example openidconnect\n```\n\n## WebAssembly/WASM support\n\nTo embedded this crate in WASM modules, build it using the `wasm` cargo feature:\n\n```bash\ncargo build --no-default-features --features wasm --target wasm32-unknown-unknown\n```\n\nNOTE: The wasm32-wasi target architecture is not yet supported.\n\n## Contributing\n\nContributions are welcome! Please see the [contributing guidelines](CONTRIBUTORS.md)\nfor more information.\n\n## Security\n\nShould you discover any security issues, please refer to sigstores [security\nprocess](https://github.com/sigstore/community/security/policy)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsigstore%2Fsigstore-rs","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsigstore%2Fsigstore-rs","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsigstore%2Fsigstore-rs/lists"}