Releases: in-toto/witness
Releases · in-toto/witness
v0.10.1
Changelog
Changes from go-witness v0.9.1
- feat(schemagen): only update schema files when content changes by @colek42 in in-toto/go-witness#506
- feat: add MultiExporter interface for multiple attestation exports by @colek42 in in-toto/go-witness#507
- feat(attestation): adds aws codebuild attestor by @kriscoleman in in-toto/go-witness#477
- fix(ci): updates tsa server url and ca by @kriscoleman in in-toto/go-witness#531
- added test for gitlab attestation by @manzil-infinity180 in in-toto/go-witness#553
- log failed attestor name for better debugging by @rabajaj0509 in in-toto/go-witness#565
- feat: Add Azure Key Vault KMS core implementation by @fkautz in in-toto/go-witness#529
- signer/file: add passphrase support for encrypted PKCS#8 keys; add tests by @fkautz in in-toto/go-witness#564
- fix(fulcio): improve fulcio signer resilience and error handling by @kriscoleman in in-toto/go-witness#568
- add the current valid AWS certs to valid AWS identity documents by @jkjell in in-toto/go-witness#576
Bug fixes
- 143f0e7: fix: gitignore profile.cov file (#632) (@manzil-infinity180)
- b23aebc: fix: links in the concepts/attestor (#646) (@manzil-infinity180)
- c007331: fix(docs): witness run cmd in kms (#656) (@manzil-infinity180)
Documentation
- 34f5f2d: docs: add TestifySec sponsorship to README (#607) (@colek42)
- 43209a6: docs: added development steps to CONTRIBUTING.MD (#642) (@manzil-infinity180)
- 8457db6: docs: add azure key vault (#665) (@manzil-infinity180)
Others
- 65e9180: Make getting started the first item. (#624) (@matglas)
- 57538fa: Remove announcement bar with docs survey callout (#626) (@ChaosInTheCRD)
- b0ffd87: test: added for the options/sign.go (#637) (@manzil-infinity180)
- 4a6fc81: test: added for the options/root.go (#638) (@manzil-infinity180)
- 27138ac: test: add cmd/version.go (#633) (@manzil-infinity180)
- 2ded5fb: test: added for the options/verify.go (#640) (@manzil-infinity180)
- 16d15de: fix the link of Sigstore Cosign project (#647) (@manzil-infinity180)
- 00c6bda: add docker attester usage docs (#653) (@rabajaj0509)
- 6db12a8: test: add for the options/run.go (#641) (@manzil-infinity180)
- 38ffa99: fix the favicon path in docusaurus config file (#669) (@manzil-infinity180)
- ba902d8: Update to v0.9.1 of go-witness (#672) (@jkjell)
Contributors
jkjell, fkautz, and 6 other contributors
Assets 47
- 13.5 MB
2025-10-15T18:37:45Z - 3.07 KB
2025-10-15T18:37:48Z - 2.86 MB
2025-10-15T18:37:46Z - 3.07 KB
2025-10-15T18:37:50Z - 96 Bytes
2025-10-15T18:37:49Z - 96 Bytes
2025-10-15T18:37:48Z - 1.39 KB
2025-10-15T18:37:47Z - 3.07 KB
2025-10-15T18:37:50Z - 96 Bytes
2025-10-15T18:37:50Z - 20.9 MB
2025-10-15T18:37:43Z -
2025-10-15T18:25:20Z -
2025-10-15T18:25:20Z - Loading
v0.10.0
Immutable
release. Only release title and notes can be modified.
Changelog
Features
- 2ad5fe1: feat(test): added test for SignCmd (#635) (@manzil-infinity180)
- a4a3afb: feat(test): added test for log.go (#636) (@manzil-infinity180)
- 5927c64: feat: added test for the cmd/attestors and cmd/completion (#650) (@manzil-infinity180)
Bug fixes
- 143f0e7: fix: gitignore profile.cov file (#632) (@manzil-infinity180)
- b23aebc: fix: links in the concepts/attestor (#646) (@manzil-infinity180)
- c007331: fix(docs): witness run cmd in kms (#656) (@manzil-infinity180)
Documentation
- 34f5f2d: docs: add TestifySec sponsorship to README (#607) (@colek42)
- 43209a6: docs: added development steps to CONTRIBUTING.MD (#642) (@manzil-infinity180)
- 8457db6: docs: add azure key vault (#665) (@manzil-infinity180)
Others
- bd04d3b: chore: bump the all-gha group with 5 updates (#601) (@dependabot[bot])
- d27ff8a: chore: bump github.com/olekukonko/tablewriter from 0.0.5 to 1.0.2 in the all-go-mod group (#597) (@dependabot[bot])
- 95bb89d: chore: bump ossf/scorecard-action from 2.4.1 to 2.4.2 in the all-gha group (#603) (@dependabot[bot])
- 9b8f2e0: chore: bump github.com/olekukonko/tablewriter from 1.0.6 to 1.0.7 in the all-go-mod group (#604) (@dependabot[bot])
- abedf58: Update README with origin statement and support information (#611) (@colek42)
- 3fb4da0: chore: bump github/codeql-action from 3.28.18 to 3.28.19 in the all-gha group (#610) (@dependabot[bot])
- 94769a4: chore: bump the all-gha group with 3 updates (#614) (@dependabot[bot])
- d99fae8: chore: bump k8s.io/apimachinery from 0.33.1 to 0.33.2 in the all-go-mod group (#615) (@dependabot[bot])
- 48d4756: chore: bump sigstore/cosign-installer from 3.8.2 to 3.9.0 in the all-gha group (#616) (@dependabot[bot])
- 8c2b5bd: chore: bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 in the go_modules group (#617) (@dependabot[bot])
- d585ad8: chore: bump the all-gha group with 2 updates (#618) (@dependabot[bot])
- f600048: chore: bump github.com/olekukonko/tablewriter from 1.0.7 to 1.0.8 in the all-go-mod group (#619) (@dependabot[bot])
- 8b77986: chore: bump the all-gha group with 3 updates (#620) (@dependabot[bot])
- cd5498e: chore: bump the all-gha group with 3 updates (#621) (@dependabot[bot])
- f31243b: chore: bump the all-go-mod group with 2 updates (#622) (@dependabot[bot])
- 6a3aa8a: chore: bump form-data from 4.0.1 to 4.0.4 in /docs-website in the npm_and_yarn group across 1 directory (#623) (@dependabot[bot])
- d616c95: chore: bump the all-gha group with 3 updates (#625) (@dependabot[bot])
- 65e9180: Make getting started the first item. (#624) (@matglas)
- 57538fa: Remove announcement bar with docs survey callout (#626) (@ChaosInTheCRD)
- 42f88d4: chore: bump github/codeql-action from 3.29.4 to 3.29.5 in the all-gha group (#628) (@dependabot[bot])
- 27982d2: chore: bump github.com/olekukonko/tablewriter from 1.0.8 to 1.0.9 in the all-go-mod group (#629) (@dependabot[bot])
- 57c4500: chore: bump the all-gha group with 4 updates (#630) (@dependabot[bot])
- b0ffd87: test: added for the options/sign.go (#637) (@manzil-infinity180)
- d762d03: chore: bump k8s.io/apimachinery from 0.33.3 to 0.33.4 in the all-go-mod group (#644) (@dependabot[bot])
- d616c78: chore: bump the all-gha group with 3 updates (#643) (@dependabot[bot])
- 4a6fc81: test: added for the options/root.go (#638) (@manzil-infinity180)
- 27138ac: test: add cmd/version.go (#633) (@manzil-infinity180)
- 2ded5fb: test: added for the options/verify.go (#640) (@manzil-infinity180)
- a36653e: chore: bump github.com/go-viper/mapstructure/v2 from 2.3.0 to 2.4.0 in the go_modules group (#645) (@dependabot[bot])
- 6f458cf: chore: bump github.com/stretchr/testify from 1.10.0 to 1.11.0 in the all-go-mod group (#648) (@dependabot[bot])
- e3d30f7: chore: bump the all-gha group with 3 updates (#649) (@dependabot[bot])
- 16d15de: fix the link of Sigstore Cosign project (#647) (@manzil-infinity180)
- 9a43c2b: chore: bump actions/dependency-review-action from 4.7.2 to 4.7.3 in the all-gha group (#652) (@dependabot[bot])
- 00c6bda: add docker attester usage docs (#653) (@rabajaj0509)
- 6db12a8: test: add for the options/run.go (#641) (@manzil-infinity180)
- 1d95648: chore: bump axios from 1.8.2 to 1.12.1 in /docs-website in the npm_and_yarn group across 1 directory (#658) (@dependabot[bot])
- 7ed05f2: chore: bump the all-go-mod group across 1 directory with 6 updates (#662) (@dependabot[bot])
- a96fbfb: chore: bump the all-gha group with 7 updates (#664) (@dependabot[bot])
- dd170dd: chore: bump the all-gha group with 3 updates (#667) (@dependabot[bot])
- 38ffa99: fix the favicon path in docusaurus config file (#669) (@manzil-infinity180)
- 0134527: chore: bump the all-gha group with 2 updates (#670) (@dependabot[bot])
- 9a344c6: Update go-witness version (#671) (@jkjell)
- ba902d8: Update to v0.9.1 of go-witness (#672) (@jkjell)
Contributors
jkjell, matglas, and 5 other contributors
Assets 3
v0.9.2
Changelog
Features
- 9dbd5b6: feat: add ability to pass headers when making requests to archivista (#600) (@mikhailswift)
Documentation
- 03feedc: docs: fix markdown (#590) (@suzuki-shunsuke)
Others
- 3b0efb7: chore: bump golang.org/x/net from 0.37.0 to 0.38.0 in the go_modules group (#586) (@dependabot[bot])
- 7c05fad: chore: bump github/codeql-action from 3.28.13 to 3.28.15 in the all-gha group (#589) (@dependabot[bot])
- 67d820e: chore: updates to go-witness 0.8.4 (#593) (@mikhailswift)
- 1d9eaa5: chore: updates workflows to use witness v0.9.1 (#594) (@mikhailswift)
- 478652e: chore: bump the all-gha group with 5 updates (#591) (@dependabot[bot])
- 01dee0d: chore: bump the all-gha group with 2 updates (#595) (@dependabot[bot])
- 6578c09: chore: bump github.com/open-policy-agent/opa from 1.3.0 to 1.4.0 in the go_modules group (#596) (@dependabot[bot])
- bd820bb: chore: bump the all-gha group with 2 updates (#598) (@dependabot[bot])
- 51a2b45: chore: bump undici from 6.21.1 to 6.21.3 in /docs-website in the npm_and_yarn group across 1 directory (#599) (@dependabot[bot])
Contributors
mikhailswift, suzuki-shunsuke, and dependabot
Assets 47
v0.9.1
Changelog
Documentation
- 03feedc: docs: fix markdown (#590) (@suzuki-shunsuke)
Others
- 3b0efb7: chore: bump golang.org/x/net from 0.37.0 to 0.38.0 in the go_modules group (#586) (@dependabot[bot])
- 7c05fad: chore: bump github/codeql-action from 3.28.13 to 3.28.15 in the all-gha group (#589) (@dependabot[bot])
- 67d820e: chore: updates to go-witness 0.8.4 (#593) (@mikhailswift)
- 470e889: chore: updates workflows to use witness v0.9.1-rc1 (@mikhailswift)
Contributors
mikhailswift, suzuki-shunsuke, and dependabot
Assets 47
v0.9.0
Changelog
Others
- 449c4e4: chore: fix some comments (#569) (@linghuying)
- 79e5681: chore: bump the all-gha group across 1 directory with 8 updates (#572) (@dependabot[bot])
- 3d991a3: chore: bump the all-go-mod group with 2 updates (#566) (@dependabot[bot])
- 34cb841: chore: bump golang.org/x/net from 0.34.0 to 0.36.0 in the go_modules group (#565) (@dependabot[bot])
- 9418116: chore: bump prismjs from 1.29.0 to 1.30.0 in /docs-website in the npm_and_yarn group across 1 directory (#564) (@dependabot[bot])
- 76cf46d: chore: bump github.com/spf13/viper from 1.20.0 to 1.20.1 in the all-go-mod group (#574) (@dependabot[bot])
- 656ba04: chore: bump the npm_and_yarn group across 1 directory with 3 updates (#576) (@dependabot[bot])
- 98356bf: Update affiliation (#579) (@)
- c8b27fd: chore: bump image-size from 1.1.1 to 1.2.1 in /docs-website in the npm_and_yarn group across 1 directory (#578) (@dependabot[bot])
- 4ac699b: chore: bump estree-util-value-to-estree from 3.2.1 to 3.3.3 in /docs-website in the npm_and_yarn group across 1 directory (#581) (@dependabot[bot])
- 8253eef: chore: bump the all-gha group across 1 directory with 4 updates (#580) (@dependabot[bot])
- 0218622: chore: bump github.com/sigstore/fulcio from 1.6.6 to 1.7.0 in the all-go-mod group (#582) (@dependabot[bot])
- 4ebb0e7: chore: update to go-witness v0.8.3, remove unneeded replace directives (#583) (@mikhailswift)
- c674871: changed --env-exclude-sensitive-key to --env-allow-sensitive-key (#563) (@Horiodino)
- 7f91b00: chore: bump http-proxy-middleware from 2.0.7 to 2.0.9 in /docs-website in the npm_and_yarn group across 1 directory (#585) (@dependabot[bot])
Contributors
mikhailswift, dependabot, and 2 other contributors
Assets 47
v0.8.1
Changelog
Fix
- --dirhash-glob fails with symlinked directories (in-toto/go-witness#442) by @jrampon in in-toto/go-witness#445
Others
- dc8550b: chore: Add documentation on environment attestor (#555) (@matglas)
- ac0a137: chore: bump the all-gha group with 6 updates (#554) (@dependabot[bot])
- ae7b73b: chore: bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 in the go_modules group (#557) (@dependabot[bot])
- 89faf44: chore: bump github.com/go-jose/go-jose/v3 from 3.0.3 to 3.0.4 in the go_modules group (#558) (@dependabot[bot])
- 999722c: chore: bump the all-gha group with 2 updates (#559) (@dependabot[bot])
- 4f6a03e: chore: bump axios from 1.7.8 to 1.8.2 in /docs-website in the npm_and_yarn group across 1 directory (#560) (@dependabot[bot])
- ee0f1e4: chore: bump github.com/in-toto/go-witness from 0.8.0 to 0.8.1 in the all-go-mod group (#562) (@dependabot[bot])
- a16c4f9: chore: bump github/codeql-action from 3.28.10 to 3.28.11 in the all-gha group (#561) (@dependabot[bot])
Contributors
jrampon, matglas, and dependabot
Assets 47
v0.8.0
Changelog
Features
go-witness v0.8.0
- feat: New environment variable obfuscation functionality by @matglas in in-toto/go-witness#355
- feat: Add lockfile attestor by @fkautz in in-toto/go-witness#370
- bug(fulcio): Fixes Witness #535 by @jkjell in in-toto/go-witness#402
Others
Contributors
jkjell, fkautz, and matglas
Assets 47
v0.7.0
Changelog
Features
- 266144d: feat: add cpu and memory profiling (#504) (@mikhailswift)
- 33946bb: Adding functionality for dirhash in cli (#436) (@matglas)
Update to go-witness v0.7.0 #530
- better concurrency support on Linux by @joshdabosh in in-toto/go-witness#306
- improve SPDX and CycloneDX JSON SBOM format detection by @joshdabosh in in-toto/go-witness#322
- fix: Passing kms provider options down to initialisation of functionaries by @ChaosInTheCRD in in-toto/go-witness#292
- fix: golangci-lint failing due nil check by @kairoaraujo in in-toto/go-witness#333
- add jenkins attestor by @joshdabosh in in-toto/go-witness#323
- Adding functionality for dirhash in library by @matglas in in-toto/go-witness#223
- test: add additional policy verification test by @mikhailswift in in-toto/go-witness#341
- chore: Improve the git status speed. by @matglas in in-toto/go-witness#359
- Test/more policy tests by @mikhailswift in in-toto/go-witness#345
- address feedback from governance review by @jkjell in in-toto/go-witness#394
Documentation
- 97e2e04: docs: update Makefile help (#505) (@kairoaraujo)
Others
- 29117fc: prevent early return in verifier (#484) (@joshdabosh)
- 25e05d5: chore: Allow make build-goreleaser for convenience. (#503) (@matglas)
- 18dad87: Add pem as output of goreleaser sign for verification. (#508) (@matglas)
- 782ef81: address feedback from governance review (#528) (@jkjell)
- 1af18d4: chore: Add install tutorial with cosign check (#506) (@matglas)
- c077bfe: Use /usr/local/bin for witness install (#531) (@jkjell)
Contributors
jkjell, kairoaraujo, and 4 other contributors
Assets 47
v0.6.0
Changelog
- New VEX attestor 🎉
Others
- 69f67f1: chore: bump the all-go-mod group with 2 updates (#470) (@dependabot[bot])
- 45713cc: chore: bump the all-gha group with 2 updates (#471) (@dependabot[bot])
- 050506a: Bump to go-witness version with improved SBOMs and added testing (#469) (@jkjell)
Contributors
jkjell and dependabot
Assets 32
v0.5.2
Changelog
Bug fixes
- 54e8d18: fix: temporarily disable omnitrail on windows builds (#467) (@mikhailswift)
Others
- 1b286b7: chore: bump the all-gha group with 2 updates (#449) (@dependabot[bot])
- 16beb9e: chore: bump k8s.io/apimachinery from 0.30.0 to 0.30.1 in the all-go-mod group (#450) (@dependabot[bot])
- bb49495: Changed all the broken links (#453) (@DarikshaAnsari)
- d9733de: chore: bump the all-gha group with 2 updates (#457) (@dependabot[bot])
- 6ab0464: Updating yarn and modifying ignore on netlify toml (#455) (@ChaosInTheCRD)
- fa44388: Adding Signers section to website sidebar (#460) (@ChaosInTheCRD)
- b495cf7: fix(install-witness.sh): ensure compatibility with macOS for checksum verification (#459) (@fkautz)
- f499ffb: docs(getting-started): add information about slsa attestor (#456) (@rrey)
- 308aee9: Added generation of SBOM (#451) (@Yaxhveer)
- 3d08ed5: chore: bump the all-gha group with 2 updates (#461) (@dependabot[bot])
- 47b6e1c: chore: bump github.com/spf13/viper from 1.18.2 to 1.19.0 in the all-go-mod group (#462) (@dependabot[bot])
- 460f040: chore: bump the all-gha group with 3 updates (#463) (@dependabot[bot])
- c1352bd: SBOM and Omnitrail Attestor (#464) (@jkjell)
- f5b0e7b: Remove Windows Arm64 build until fixed (#466) (@jkjell)
- f5f2ae6: Add logging of passed step if found during policy failure (#454) (@jkjell)
- f07725e: refactor: make all run options have shorthand vars (#441) (@DataDavD)
Contributors
jkjell, fkautz, and 7 other contributors