Package Health

k2gl/sigstore-sign

Sign artifacts and attestations with Sigstore from PHP — sign, log to Rekor, timestamp, and assemble a bundle.

Latest 1.1.4PackagistPackagist

72%

Total Score

Dependencies
Dependencies
Evaluates the health and security of package dependencies

100

Maturity
Maturity
Indicates package age, release frequency, and adoption metrics

15

Supply Chain
Supply Chain
Evaluates supply chain security practices and risks

100

Vulnerabilities

We didn't find any vulnerabilities for this package.

Package versions

Maintainers

Nick Harin

Direct Dependencies

DependencyLast ReleaseScore
k2gl/dsse
Version ^1.3
psr/http-client
Version ^1.0
psr/http-factory
Version ^1.0
psr/http-message
Version ^1.1|^2.0
k2gl/rekor-client
Version ^1.0

Weekly Downloads

Info

Last Published
3 hours ago
Created
6 hours ago