github.com/sigstore/gitsign
go · Repository · Package
Security Advisories for github.com/sigstore/gitsign in go
Low
11 months ago
gitsign may use incorrect Rekor entries during verification
go
github.com/sigstore/gitsign
Moderate
almost 2 years ago
Gitsign's Rekor public keys fetched from upstream API instead of local TUF client.
go
github.com/sigstore/gitsign