sigstore-maven-plugin

This is a Maven plugin that can be used to use the "keyless" signing paradigm supported by Sigstore to sign JAR file with jarsigner.

Full sign goal documentation is available here, but you can quickly take advantage of the plugin by adding the following configuration into your Maven pom.xml file:

      <plugin>
        <groupId>dev.sigstore</groupId>
        <artifactId>sigstore-maven-plugin</artifactId>
        <version>1.0-SNAPSHOT</version>
        <executions>
          <execution>
            <id>sigstore-sign</id>
            <goals>
              <goal>sign</goal>
            </goals>
            <!-- optional configuration parameters; sensible defaults are chosen
            <configuration>
              <emailAddress>YOUR-EMAIL-ADDRESS-HERE</emailAddress>
              <outputSigningCert>signingCert.pem</outputSigningCert>
              <sslVerification>false</sslVerification>
            </configuration>
            -->
          </execution>
        </executions>
      </plugin>

Name		Name	Last commit message	Last commit date
Latest commit History 68 Commits
.github		.github
src		src
.gitignore		.gitignore
CODEOWNERS		CODEOWNERS
COPYRIGHT.txt		COPYRIGHT.txt
LICENSE		LICENSE
README.md		README.md
pom.xml		pom.xml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

sigstore-maven-plugin

About

Releases

Packages

Languages

License

bobcallaway/sigstore-maven-plugin

Folders and files

Latest commit

History

Repository files navigation

sigstore-maven-plugin

About

Resources

License

Code of conduct

Security policy

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages