Ecosyste.ms: Packages

An open API service providing package, version and dependency metadata of many open source software ecosystems and registries.

Top 0.8% on proxy.golang.org
Top 0.4% dependent packages on proxy.golang.org
Top 0.4% dependent repos on proxy.golang.org
Top 1.5% forks on proxy.golang.org
Top 0.6% docker downloads on proxy.golang.org

proxy.golang.org : github.com/sigstore/cosign/v2

Container Signing

Registry - Source - Documentation - JSON
purl: pkg:golang/github.com/sigstore/cosign/v2
License: Apache-2.0
Latest release: 6 months ago
First release: over 1 year ago
Namespace: github.com/sigstore/cosign
Dependent packages: 152
Dependent repositories: 301
Stars: 3,276 on GitHub
Forks: 394 on GitHub
Docker dependents: 101
Docker downloads: 10,381,554
See more repository details: repos.ecosyste.ms
Last synced: 3 days ago

Low

GSA_kwCzR0hTQS12ZnA2LWpydzItOTlnOc4AA2_S

Cosign vulnerable to possible endless data attack from attacker-controlled registry
Ecosystems: go
Packages: github.com/sigstore/cosign, github.com/sigstore/cosign/v2
Source: github
Published: 7 months ago

Moderate

GSA_kwCzR0hTQS05NXByLWZ4ZjUtODZnds4AA67e

Cosign malicious artifacts can cause machine-wide DoS
Ecosystems: go
Packages: github.com/sigstore/cosign/v2, github.com/sigstore/cosign
Source: github
Published: about 2 months ago

Moderate

GSA_kwCzR0hTQS04OGp4LTM4M3EtdzRxY84AA67d

Cosign malicious attachments can cause system-wide denial of service
Ecosystems: go
Packages: github.com/sigstore/cosign/v2, github.com/sigstore/cosign
Source: github
Published: about 2 months ago