NAME

       oci-image-verification - Sigstore OCI image verification

DESCRIPTION

   Usage of /build/sigstore-go-WI8Fmg/sigstore-go-0.7.0/debian/tmp/usr/bin/oci-image-verification:

       -artifact string

              Path to artifact to verify

       -artifact-digest string

              Hex-encoded digest of artifact to verify

       -artifact-digest-algorithm string

              Digest algorithm (default "sha256")

       -expectedIssuer string

              The expected OIDC issuer for the signing certificate

       -expectedIssuerRegex string

              The expected OIDC issuer for the signing certificate

       -expectedSAN string

              The expected identity in the signing certificate's SAN extension

       -expectedSANRegex string

              The expected identity in the signing certificate's SAN extension

       -ignore-sct

              Ignore  SCT  verification  -  do not check that a certificate contains an embedded SCT, a proof of
              inclusion in a certificate transparency log

       -minBundleVersion string

              Minimum acceptable bundle version (e.g. '0.1')

       -ociImage string

              OCI image to verify

       -publicKey string

              Path to trusted public key

       -requireTimestamp

              Require either an RFC3161 signed timestamp or log entry integrated timestamp (default true)

       -requireTlog

              Require Artifact Transparency log entry (Rekor) (default true)

       -trustedrootJSONpath string

              Path to trustedroot JSON file (default "examples/trusted-root-public-good.json")

       -tufDirectory string

              Directory to store TUF metadata (default "tufdata")

       -tufRootURL string

              URL of TUF root containing trusted root JSON file

oci-image-verification 0.7.0-2                     March 2025                          OCI-IMAGE-VERIFICATION(1)