sigstore/gitsign

Issues

• gitsign verify fails erratically (~50% of the time) when verifying timestamp signatures

  #589 opened 2 months ago by ajh-
  1

• Cache option for Windows

  #497 opened 3 months ago by Fydon
  1

• gitsign verify fails with unhandled critical extension

  #565 opened 3 months ago by adityasaky
  0

• Support running gitsign-credentials-store under Fish Shell

  #559 opened 5 months ago by ananthb
  0

• Using gitsign without rekor

  #544 opened 6 months ago by avidal
  0

• Using sigstore-go's API instead of Cosign

  #537 opened 6 months ago by haydentherapper
  0

• Support for oidc client secret config

  #365 opened 7 months ago by walmav
  1

• Gitsign attest does not support private rekor instances

  #516 opened 7 months ago by aalsabag
  0

• gitsign fails with "There was an error processing the identity token"

  #515 opened 8 months ago by ScottGarman
  2

• If a line of code is too long and breaks, the gitsign lines should be continuous.

  #506 opened 8 months ago by w1475963
  0

• newline at end of file cause trace

  #501 opened 9 months ago by zgpio
  0

• 0.8.1 did not get marked as latest release

  #451 opened a year ago by chenrui333
  2

• Use secure enclave for ephemeral key storage

  #355 opened a year ago by jalseth
  4

• Error Signing Git Commits with Keyless Github OIDC

  #291 opened 2 years ago by santhoshinty
  3

• Support Private Sigstore with ENV config only.

  #320 opened 2 years ago by ChevronTango
  16

• Native support for CLA sign-off (starting with DCO)

  #326 opened 2 years ago by marshall007
  2

• Offline verification: verify content checksum

  #317 opened 2 years ago by wlynch
  1

• Offline Verification

  #219 opened 2 years ago by wlynch
  0

• Guidance on use with JWT

  #301 opened 2 years ago by ChevronTango
  7

• gitsign verify command throws error getting certificate root: error getting targets: error getting target fulcio_intermediate_v1.crt.pem

  #293 opened 2 years ago by mawl
  4

• Support for non-keyless mode for non-interactive git commit signing (e.g., CI/CD jobs that sign git commits)

  #288 opened 2 years ago by jas4711
  3

• gitsign verify

  #241 opened 2 years ago by wlynch
  0

• Verify: require cert to match committer?

  #104 opened 2 years ago by wlynch
  7

• [doc] FAQ typo?

  #238 opened 2 years ago by y12studio
  1

• Easier credential caching

  #98 opened 2 years ago by gothka
  8

• Systemd support for gitsign-credential-cache

  #222 opened 2 years ago by iavael
  0

• Support users who SSH into a remote server

  #190 opened 2 years ago by imjasonh
  4

• gitsign timestamp cert verification broken

  #166 opened 2 years ago by wlynch
  1

• Why not use git-credential-cache?

  #194 opened 2 years ago by znewman01
  2

• Keyless signature are invalid for linux/amd64 since v0.1.0

  #202 opened 2 years ago by nicholasdille
  3

• Idea: gitsign attest

  #94 opened 2 years ago by wlynch
  6

• proposal: provenance generation and verifying attestation using cosign with new predicate type

  #105 opened 2 years ago by Dentrax
  3

• gitsign doesn't respect SIGSTORE_ROOT_FILE

  #169 opened 2 years ago by wlynch
  0

• `gitsign --version` runs only inside a git repository

  #154 opened 2 years ago by PickledDragon
  3

• Pushing to enable custom root CAs for orgs with such PKI in place

  #155 opened 2 years ago by anoncam
  3

• Gitsign doesn't support git config --global options

  #128 opened 2 years ago by wlynch
  1

• Using dot syntax in global .gitconfig causes cryptic error

  #142 opened 2 years ago by Samrose-Ahmed
  0

• tuf: warning using deprecated ecdsa hex-encoded keys

  #143 opened 2 years ago by wlynch
  1

• WSL can't be reach by redirect URL

  #103 opened 2 years ago by Typositoire
  1

• Out of band auth flow not working

  #137 opened 2 years ago by ianlewis
  0

• Missing access_token causes internal server error

  #131 opened 2 years ago by JonZeolla
  4

• Select auth provider with config

  #114 opened 2 years ago by wlynch
  2

• File based configuration

  #99 opened 2 years ago by wlynch
  0

• Verify logic refactor to make consumable by other tools

  #108 opened 2 years ago by sallyom
  1

• When rebasing, and a wrong chrome window gets the request, no easy (if any?) way to recover.

  #110 opened 2 years ago by vaikas
  4

• Idea: KMS support

  #86 opened 3 years ago by wlynch
  0

• Incorrect Rekor ID for tags

  #88 opened 3 years ago by wlynch
  0

• Cylance MaxSecure flagging gitsign_0.1.1_windows_amd64.exe as a trojan

  #79 opened 3 years ago by glennsarti
  3

• Is GitLab supported

  #78 opened 3 years ago by ChevronTango
  1

• Does gitsign support signing an annotated tag?

  #76 opened 3 years ago by simonbaird
  5