Ecosyste.ms: Packages

An open API service providing package, version and dependency metadata of many open source software ecosystems and registries.

Top 0.7% on proxy.golang.org
Top 0.2% dependent packages on proxy.golang.org
Top 0.3% dependent repos on proxy.golang.org
Top 1.5% forks on proxy.golang.org
Top 0.2% docker downloads on proxy.golang.org

proxy.golang.org : github.com/sigstore/cosign

Container Signing

purl: pkg:golang/github.com/sigstore/cosign
License: Apache-2.0
Latest release: 7 months ago
First release: about 3 years ago
Namespace: github.com/sigstore
Dependent packages: 333
Dependent repositories: 657
Stars: 3,175 on GitHub
Forks: 378 on GitHub
Docker dependents: 147
Docker downloads: 349,512,690
Last synced: about 13 hours ago

Severity: Low
GSA_kwCzR0hTQS1jY3hjLXZyNnAtNDg1OM0uIg
Improper Certificate Validation in Cosign
Ecosystems: go
Packages: github.com/sigstore/cosign
Source: github
Published: over 2 years ago
Severity: Low
GSA_kwCzR0hTQS12ZnA2LWpydzItOTlnOc4AA2_S
Cosign vulnerable to possible endless data attack from attacker-controlled registry
Ecosystems: go
Packages: github.com/sigstore/cosign, github.com/sigstore/cosign/v2
Source: github
Published: 7 months ago
Severity: Moderate
GSA_kwCzR0hTQS05NXByLWZ4ZjUtODZnds4AA67e
Cosign malicious artifacts can cause machine-wide DoS
Ecosystems: go
Packages: github.com/sigstore/cosign/v2, github.com/sigstore/cosign
Source: github
Published: about 2 months ago
Severity: Moderate
GSA_kwCzR0hTQS04OGp4LTM4M3EtdzRxY84AA67d
Cosign malicious attachments can cause system-wide denial of service
Ecosystems: go
Packages: github.com/sigstore/cosign/v2, github.com/sigstore/cosign
Source: github
Published: about 2 months ago
Severity: High
GSA_kwCzR0hTQS12anh2LTQ1ZzktOTI5Ns4AAt51
cosign's `cosign verify-attestation --type` can report a false positive if any attestation exists
Ecosystems: go
Packages: github.com/sigstore/cosign
Source: github
Published: almost 2 years ago
Severity: Moderate
GSA_kwCzR0hTQS04Z3c3LTRqNDItdzM4OM4AAu1s
Cosign bundle can be crafted to successfully verify a blob even if the embedded rekorBundle does not reference the given signature
Ecosystems: go
Packages: github.com/sigstore/cosign
Source: github
Published: over 1 year ago