Automic VaultAutomic Vault

brew / 排名 6010

安装 gitsign

查看 gitsign 的安装路径、可执行文件、元数据以及面向 AI 代理工作流的安全说明。

安装命令安全说明

安装

使用 Automic Vault 安装

Automic Vault
下载 AV
sudo av install brew:gitsign

macOS

Homebrewverified · 100%
brew install gitsign

local Homebrew formula metadata

MacPortsverified · 94%
sudo port install gitsign

MacPorts ports tree · security/gitsign/Portfile · source: api.github.com

Linux

Debian aptverified · 92%
sudo apt install gitsign

Debian stable package indexes · gitsign · source: deb.debian.org

Nixverified · 92%
nix profile install nixpkgs#gitsign

nixpkgs package indexes · pkgs/by-name/gi/gitsign/package.nix · source: api.github.com

Arch Linux pacmanverified · 92%
sudo pacman -S gitsign

Arch Linux sync databases · gitsign · source: geo.mirror.pkgbuild.com

openSUSE zypperverified · 92%
sudo zypper install gitsign

openSUSE Tumbleweed package metadata · gitsign · source: download.opensuse.org

Windows

Scoopverified · 92%
scoop install main/gitsign

Scoop official bucket manifest trees · bucket/gitsign.json · source: api.github.com

平台说明

  • 没有特定于此软件包的平台说明。

概览

软件包摘要

Keyless Git signing using Sigstore

命令和别名

  • gitsign
  • gitsign-credential-cache

安全态势

风险级别:green

narrow executable package without higher-risk signals.

Risk classifier

green risk · low confidence · appliance

Why

  • narrow executable package without higher-risk signals

Signals

  • metadata:no-higher-risk-signals

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Build metadata lists 1 build dependencies.

建议审查

在无人值守的代理使用前,请检查该工具是否读取明文凭据、写入远程状态、发布制品或调用插件。

可执行文件

已安装的可执行文件

命令类型暴露范围备注
gitsigncliglobal executable
gitsign-credential-cachecliglobal executable

新鲜度

版本和新鲜度

这些信号区分页生成时间、软件包管理器活动和上游发布比较。只有存在证据 URL 和可比较版本时,才会提示版本落后。

页面生成时间2026-06-10
管理器版本0.16.1
管理器更新时间2026-06-08
本地数据ok
上游current
检测到的最新版本v0.16.1

https://github.com/sigstore/gitsign

  • okNo freshness warnings were generated.

安装元数据

软件包元数据

Package keybrew:gitsign
Version0.16.1
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/gitsign
Homepagehttps://github.com/sigstore/gitsign
Repositoryhttps://github.com/sigstore/gitsign
Upstream docshttps://docs.sigstore.dev/
LicenseApache-2.0
Source archivehttps://github.com/sigstore/gitsign/archive/refs/tags/v0.16.1.tar.gz
Last updated2026-06-08T21:43:20Z
Pulseupdated
Build dependenciesgo
Bottleavailable (arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namegitsign
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Debian apt95%

gitsign 0.13.0-2+b2

Keyless Git signing using Sigstore (program)

https://github.com/sigstore/gitsign

sudo apt install gitsign
  • Section: vcs
  • Architecture: amd64
  • Source Package: gitsign
  • 1 dependencies
  • normalized package name match
  • Matched by: Gitsign
Debian stable package indexes · deb.debian.org · Debian stable package indexes: gitsign from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
Debian apt95%

golang-github-sigstore-gitsign-dev 0.13.0-2

Keyless Git signing using Sigstore (library)

https://github.com/sigstore/gitsign

sudo apt install golang-github-sigstore-gitsign-dev
  • Section: golang
  • Architecture: all
  • Source Package: gitsign
  • 10 dependencies
  • normalized package name match
  • Matched by: Gitsign
Debian stable package indexes · deb.debian.org · Debian stable package indexes: golang-github-sigstore-gitsign-dev from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
Nix95%

gitsign

nix profile install nixpkgs#gitsign
  • normalized package name match
  • Matched by: Gitsign
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/gi/gitsign/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
pacman95%

gitsign 0.14.0-2

Keyless Git signing using Sigstore

https://github.com/sigstore/gitsign

sudo pacman -S gitsign
  • License: APACHE
  • Architecture: x86_64
  • normalized package name match
  • Matched by: Gitsign
Arch Linux sync databases · geo.mirror.pkgbuild.com · Arch Linux sync databases: gitsign from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz
zypper95%

gitsign 0.16.0-1.1

Keyless Git signing using Sigstore

https://github.com/sigstore/gitsign

sudo zypper install gitsign
  • License: Apache-2.0
  • Category: Unspecified
  • Architecture: x86_64
  • Source Package: gitsign
  • 1 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Gitsign
openSUSE Tumbleweed package metadata · download.opensuse.org · openSUSE Tumbleweed package metadata: gitsign from https://download.opensuse.org/tumbleweed/repo/oss/repodata/155b97171d05e27afd950b6fe0d55513ff38f4597110664535bceedc680bbe6fd459f0733718dcc21dcf0efc7c8250fd1390c73d4790b42e62fb2c16a87242e5-primary.xml.zst
zypper95%

gitsign-credential-cache 0.16.0-1.1

Credential cache for gitsign

https://github.com/sigstore/gitsign

sudo zypper install gitsign-credential-cache
  • License: Apache-2.0
  • Category: Unspecified
  • Architecture: x86_64
  • Source Package: gitsign
  • 3 dependencies
  • 2 provides
  • normalized package name match
  • Matched by: Gitsign
openSUSE Tumbleweed package metadata · download.opensuse.org · openSUSE Tumbleweed package metadata: gitsign-credential-cache from https://download.opensuse.org/tumbleweed/repo/oss/repodata/155b97171d05e27afd950b6fe0d55513ff38f4597110664535bceedc680bbe6fd459f0733718dcc21dcf0efc7c8250fd1390c73d4790b42e62fb2c16a87242e5-primary.xml.zst
MacPorts95%

gitsign

sudo port install gitsign
  • normalized package name match
  • Matched by: Gitsign
MacPorts ports tree · api.github.com · MacPorts ports tree: security/gitsign/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1
Scoop95%

main/gitsign

scoop install main/gitsign
  • normalized package name match
  • Matched by: Gitsign
Scoop official bucket manifest trees · api.github.com · Scoop official bucket manifest trees: bucket/gitsign.json from https://api.github.com/repos/ScoopInstaller/Main/git/trees/master?recursive=1

软件包图谱

链接来自本地软件包关系图、补充数据、依赖边、生态匹配和软件包 hub 归属。

相关工具

  • goBuild dependency declared by Homebrew.

相同工作流

  • cosignShares av.db curated category or tags: cli, security, sigstore, software-supply-chain, supply-chain-security.
  • sigstoreShares av.db curated category or tags: cli, security, sigstore, software-supply-chain, supply-chain-security.
  • rekor-cliShares av.db curated category or tags: cli, security, sigstore, software-supply-chain, supply-chain-security.
  • gittufShares av.db curated category or tags: cli, git, security, software-supply-chain, supply-chain-security.
  • safetyShares av.db curated category or tags: cli, security, software-supply-chain, supply-chain-security.
  • poutineShares av.db curated category or tags: cli, security, software-supply-chain, supply-chain-security.

来源线索

由仓库数据生成

此页面由 av-webscripts/generate-pkg-sqlite.py 生成的私有软件包 SQLite 工件提供。

使用的来源

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment