Automic VaultAutomic Vault

brew / Rang 6010

gitsign installieren

Prüfe Installationswege, Executables, Metadaten und Sicherheitshinweise für gitsign in AI-Agent-Workflows.

InstallationsbefehlSicherheitshinweise

Installation

Mit Automic Vault installieren

Automic Vault
AV herunterladen
sudo av install brew:gitsign

macOS

Homebrewverified · 100%
brew install gitsign

local Homebrew formula metadata

MacPortsverified · 94%
sudo port install gitsign

MacPorts ports tree · security/gitsign/Portfile · source: api.github.com

Linux

Debian aptverified · 92%
sudo apt install gitsign

Debian stable package indexes · gitsign · source: deb.debian.org

Nixverified · 92%
nix profile install nixpkgs#gitsign

nixpkgs package indexes · pkgs/by-name/gi/gitsign/package.nix · source: api.github.com

Arch Linux pacmanverified · 92%
sudo pacman -S gitsign

Arch Linux sync databases · gitsign · source: geo.mirror.pkgbuild.com

openSUSE zypperverified · 92%
sudo zypper install gitsign

openSUSE Tumbleweed package metadata · gitsign · source: download.opensuse.org

Windows

Scoopverified · 92%
scoop install main/gitsign

Scoop official bucket manifest trees · bucket/gitsign.json · source: api.github.com

Plattformhinweise

  • Es waren keine paketspezifischen Plattformhinweise vorhanden.

Überblick

Paketzusammenfassung

Keyless Git signing using Sigstore

Befehle und Aliase

  • gitsign
  • gitsign-credential-cache

Sicherheitslage

Risikostufe: green

narrow executable package without higher-risk signals.

Risk classifier

green risk · low confidence · appliance

Why

  • narrow executable package without higher-risk signals

Signals

  • metadata:no-higher-risk-signals

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Build metadata lists 1 build dependencies.

Empfohlene Prüfung

Prüfe vor unbeaufsichtigter Agent-Nutzung, ob das Tool Klartext-Credentials liest, Remote-Zustand schreibt, Artefakte veröffentlicht oder Plugins ausführt.

Executables

Installierte Executables

BefehlArtSichtbarkeitHinweis
gitsigncliglobal executable
gitsign-credential-cachecliglobal executable

Aktualität

Version und Aktualität

Diese Signale trennen das Alter der Seitengenerierung, Aktivität des Paketmanagers und Upstream-Release-Vergleich. Versionsrückstand wird nur gemeldet, wenn eine Evidenz-URL und vergleichbare Versionen vorhanden sind.

Seite generiert2026-06-10
Manager-Version0.16.1
Manager aktualisiert2026-06-08
lokale Datenok
Upstreamcurrent
neueste erkannte Versionv0.16.1

https://github.com/sigstore/gitsign

  • okNo freshness warnings were generated.

Installationsmetadaten

Paketmetadaten

Package keybrew:gitsign
Version0.16.1
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/gitsign
Homepagehttps://github.com/sigstore/gitsign
Repositoryhttps://github.com/sigstore/gitsign
Upstream docshttps://docs.sigstore.dev/
LicenseApache-2.0
Source archivehttps://github.com/sigstore/gitsign/archive/refs/tags/v0.16.1.tar.gz
Last updated2026-06-08T21:43:20Z
Pulseupdated
Build dependenciesgo
Bottleavailable (arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namegitsign
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Debian apt95%

gitsign 0.13.0-2+b2

Keyless Git signing using Sigstore (program)

https://github.com/sigstore/gitsign

sudo apt install gitsign
  • Section: vcs
  • Architecture: amd64
  • Source Package: gitsign
  • 1 dependencies
  • normalized package name match
  • Matched by: Gitsign
Debian stable package indexes · deb.debian.org · Debian stable package indexes: gitsign from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
Debian apt95%

golang-github-sigstore-gitsign-dev 0.13.0-2

Keyless Git signing using Sigstore (library)

https://github.com/sigstore/gitsign

sudo apt install golang-github-sigstore-gitsign-dev
  • Section: golang
  • Architecture: all
  • Source Package: gitsign
  • 10 dependencies
  • normalized package name match
  • Matched by: Gitsign
Debian stable package indexes · deb.debian.org · Debian stable package indexes: golang-github-sigstore-gitsign-dev from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
Nix95%

gitsign

nix profile install nixpkgs#gitsign
  • normalized package name match
  • Matched by: Gitsign
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/gi/gitsign/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
pacman95%

gitsign 0.14.0-2

Keyless Git signing using Sigstore

https://github.com/sigstore/gitsign

sudo pacman -S gitsign
  • License: APACHE
  • Architecture: x86_64
  • normalized package name match
  • Matched by: Gitsign
Arch Linux sync databases · geo.mirror.pkgbuild.com · Arch Linux sync databases: gitsign from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz
zypper95%

gitsign 0.16.0-1.1

Keyless Git signing using Sigstore

https://github.com/sigstore/gitsign

sudo zypper install gitsign
  • License: Apache-2.0
  • Category: Unspecified
  • Architecture: x86_64
  • Source Package: gitsign
  • 1 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Gitsign
openSUSE Tumbleweed package metadata · download.opensuse.org · openSUSE Tumbleweed package metadata: gitsign from https://download.opensuse.org/tumbleweed/repo/oss/repodata/155b97171d05e27afd950b6fe0d55513ff38f4597110664535bceedc680bbe6fd459f0733718dcc21dcf0efc7c8250fd1390c73d4790b42e62fb2c16a87242e5-primary.xml.zst
zypper95%

gitsign-credential-cache 0.16.0-1.1

Credential cache for gitsign

https://github.com/sigstore/gitsign

sudo zypper install gitsign-credential-cache
  • License: Apache-2.0
  • Category: Unspecified
  • Architecture: x86_64
  • Source Package: gitsign
  • 3 dependencies
  • 2 provides
  • normalized package name match
  • Matched by: Gitsign
openSUSE Tumbleweed package metadata · download.opensuse.org · openSUSE Tumbleweed package metadata: gitsign-credential-cache from https://download.opensuse.org/tumbleweed/repo/oss/repodata/155b97171d05e27afd950b6fe0d55513ff38f4597110664535bceedc680bbe6fd459f0733718dcc21dcf0efc7c8250fd1390c73d4790b42e62fb2c16a87242e5-primary.xml.zst
MacPorts95%

gitsign

sudo port install gitsign
  • normalized package name match
  • Matched by: Gitsign
MacPorts ports tree · api.github.com · MacPorts ports tree: security/gitsign/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1
Scoop95%

main/gitsign

scoop install main/gitsign
  • normalized package name match
  • Matched by: Gitsign
Scoop official bucket manifest trees · api.github.com · Scoop official bucket manifest trees: bucket/gitsign.json from https://api.github.com/repos/ScoopInstaller/Main/git/trees/master?recursive=1

Paketgraph

Links stammen aus dem lokalen Paketbeziehungsgraph, Ergänzungen, Abhängigkeitskanten, Ecosystem-Matches und Paket-Hub-Mitgliedschaft.

Verwandte Tools

  • goBuild dependency declared by Homebrew.

Gleicher Workflow

  • cosignShares av.db curated category or tags: cli, security, sigstore, software-supply-chain, supply-chain-security.
  • sigstoreShares av.db curated category or tags: cli, security, sigstore, software-supply-chain, supply-chain-security.
  • rekor-cliShares av.db curated category or tags: cli, security, sigstore, software-supply-chain, supply-chain-security.
  • gittufShares av.db curated category or tags: cli, git, security, software-supply-chain, supply-chain-security.
  • safetyShares av.db curated category or tags: cli, security, software-supply-chain, supply-chain-security.
  • poutineShares av.db curated category or tags: cli, security, software-supply-chain, supply-chain-security.

Quellspur

Aus Repository-Daten generiert

Diese Seite wird von av-web aus dem privaten Paket-SQLite-Artefakt bereitgestellt, das scripts/generate-pkg-sqlite.py erstellt.

Verwendete Quellen

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment