@sigstore/cli
Advanced tools
CLI for creating and verifying Sigstore bundles.
$ npm install -g @sigstore/cli
$ sigstore COMMAND
running command...
$ sigstore (--version)
@sigstore/cli/0.1.0 linux-x64 node-v16.20.0
$ sigstore --help [COMMAND]
USAGE
$ sigstore COMMAND
...
sigstore attest FILEattest the supplied file
USAGE
$ sigstore attest FILE [--json] [--fulcio-url <value>] [--rekor-url <value>] [--tsa-server-url <value>]
[--tlog-upload] [--oidc-client-id <value>] [--oidc-client-secret <value>] [--oidc-issuer <value>]
[--oidc-redirect-url <value>] [-t <value>] [-o <value>]
ARGUMENTS
FILE file to attest
FLAGS
-o, --output-file=<value> write output to file
-t, --payload-type=<value> [default: application/vnd.in-toto+json] MIME or content type to apply to the DSSE
envelope
--fulcio-url=<value> [default: https://fulcio.sigstore.dev] URL to the Sigstore PKI server
--oidc-client-id=<value> [default: sigstore] OIDC client ID for application
--oidc-client-secret=<value> OIDC client secret for application
--oidc-issuer=<value> [default: https://oauth2.sigstore.dev/auth] OIDC provider to be used to issue ID token
--oidc-redirect-url=<value> OIDC redirect URL
--rekor-url=<value> [default: https://rekor.sigstore.dev] URL to the Rekor transparency log
--[no-]tlog-upload whether or not to upload entry to the transparency log
--tsa-server-url=<value> URL to the Timestamping Authority
GLOBAL FLAGS
--json Format output as json.
DESCRIPTION
attest the supplied file
EXAMPLES
$ sigstore attest ./statement.json
sigstore help [COMMANDS]Display help for sigstore.
USAGE
$ sigstore help [COMMANDS] [-n]
ARGUMENTS
COMMANDS Command to show help for.
FLAGS
-n, --nested-commands Include all nested commands in the output.
DESCRIPTION
Display help for sigstore.
sigstore verify BUNDLEverify the supplied .sigstore bundle file
USAGE
$ sigstore verify BUNDLE [--json] [--tlog-threshold <value>] [--ctlog-threshold <value>]
ARGUMENTS
BUNDLE bundle to verify
FLAGS
--ctlog-threshold=<value> [default: 1] number of certificate transparency log entries required to verify
--tlog-threshold=<value> [default: 1] number of transparency log entries required to verify
GLOBAL FLAGS
--json Format output as json.
DESCRIPTION
verify the supplied .sigstore bundle file
EXAMPLES
$ sigstore verify ./bundle.sigstore
FAQs
Sigstore CLI
The npm package @sigstore/cli receives a total of 4,550 weekly downloads. As such, @sigstore/cli popularity was classified as popular.
We found that @sigstore/cli demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Bybit's $1.46B hack by North Korea's Lazarus Group pushes 2025 crypto losses to $1.6B in just two months, already surpassing all of 2024's $1.49B total.
Security News
OpenSSF has published OSPS Baseline, an initiative designed to establish a minimum set of security-related best practices for open source software projects.
Security News
Michigan TypeScript founder Dimitri Mitropoulos implements WebAssembly runtime in TypeScript types, enabling Doom to run after processing 177 terabytes of type definitions.