@bdehamer/sigstore
oclif example Hello World CLI
$ npm install -g @bdehamer/sigstore
$ sigstore COMMAND
running command...
$ sigstore (--version)
@bdehamer/sigstore/0.0.3 darwin-arm64 node-v18.12.1
$ sigstore --help [COMMAND]
USAGE
$ sigstore COMMAND
...
sigstore attest FILE
attest the supplied file
USAGE
$ sigstore attest FILE [--json] [--fulcio-url <value>] [--rekor-url <value>] [--tsa-url <value>] [--tlog-upload] [--oidc-client-id <value>] [--oidc-issuer <value>] [--oidc-redirect-url <value>] [-t <value>] [-o <value>]
ARGUMENTS
FILE file to attest
FLAGS
-o, --output-file=<value> write output to file
-t, --type=<value> [default: application/vnd.in-toto+json] type to apply to the DSSE envelope
--fulcio-url=<value> [default: https://fulcio.sigstore.dev] URL to the Sigstore PKI server
--oidc-client-id=<value> [default: sigstore] OIDC client ID for application
--oidc-issuer=<value> [default: https://oauth2.sigstore.dev/auth] OIDC provider to be used to issue ID token
--oidc-redirect-url=<value> OIDC redirect URL
--rekor-url=<value> [default: https://rekor.sigstore.dev] URL to the Rekor transparency log
--tlog-upload whether or not to upload entry to the transparency log
--tsa-url=<value> URL to the Timestamping Authority
GLOBAL FLAGS
--json Format output as json.
DESCRIPTION
attest the supplied file
EXAMPLES
$ sigstore attest
See code: dist/commands/attest.ts
sigstore help [COMMANDS]
Display help for sigstore.
USAGE
$ sigstore help [COMMANDS] [-n]
ARGUMENTS
COMMANDS Command to show help for.
FLAGS
-n, --nested-commands Include all nested commands in the output.
DESCRIPTION
Display help for sigstore.
See code: @oclif/plugin-help
sigstore verify ARTIFACT
describe the command here
USAGE
$ sigstore verify ARTIFACT --bundle <value> [--tlog-threshold <value>] [--ctlog-threshold <value>]
ARGUMENTS
ARTIFACT bundle to verify
FLAGS
--bundle=<value> (required) the Sigstore bundle containing the verification material
--ctlog-threshold=<value> [default: 1] number of certificate transparency log entries required to verify
--tlog-threshold=<value> [default: 1] number of transparency log entries required to verify
DESCRIPTION
describe the command here
EXAMPLES
$ sigstore verify
See code: dist/commands/verify.ts
sigstore verify bundle [FILE]
describe the command here
USAGE
$ sigstore verify bundle [FILE] [-n <value>] [-f]
ARGUMENTS
FILE file to read
FLAGS
-f, --force
-n, --name=<value> name to print
DESCRIPTION
describe the command here
EXAMPLES
$ sigstore verify bundle
FAQs
Sigstore CLI
We found that @bdehamer/sigstore demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.