Package dev.sigstore.plugin
package dev.sigstore.plugin
-
ClassDescriptionHelper to decode Fulcio OID data, see Sigstore OID information.Goal which: generates ephemeral key pair gets OIDC token and associated email requests code signing certificate from sigstore Fulcio signs the JAR file (with
jarsigner
) publishes signed JAR file (that contains the signature per JAR signing spec) to sigstore RekorSign project artifact, the POM, and attached artifacts with sigstore for deployment.