PHPackages k2gl/sigstore-verify - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. k2gl/sigstore-verify ActiveLibrary[Security](/categories/security) k2gl/sigstore-verify ==================== Offline, fail-closed PHP verifier for Sigstore bundles: certificate chain to a Fulcio root, DSSE signature, Rekor transparency-log proof and identity policy, returning a verified in-toto Statement. 0.7.0(1w ago)02↓100%MITPHP >=8.1 Since May 30Compare [ Source](https://github.com/k2gl/sigstore-verify)[ Packagist](https://packagist.org/packages/k2gl/sigstore-verify)[ Docs](https://github.com/k2gl/sigstore-verify)[ RSS](/packages/k2gl-sigstore-verify/feed)WikiDiscussions Synced 1w ago READMEChangelogDependencies (7)Versions (12)Used By (0) ### README not available The README for this package hasn't been synced yet. View it on [GitHub](https://github.com/k2gl/sigstore-verify). ### Health Score 37 — LowBetter than 81% of packages Maintenance98 Actively maintained with recent releases Popularity3 Limited adoption so far Community2 Small or concentrated contributor base Maturity38 Early-stage or recently created project How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~0 days Total 8 Last Release 7d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/6bc4aa529c7f13ea593297497f6eae20d5c07f476baa0a551960d7e6ff1e5413?d=identicon)[k2gl](/maintainers/k2gl) --- Tags bundleattestationsupply-chaindssein-totosigstoreslsarekorfulciotransparency-log ### Code Quality TestsPHPUnit Static AnalysisPHPStan Code StyleLaravel Pint Type Coverage Yes ### Embed Badge ![Health badge](/badges/k2gl-sigstore-verify/health.svg) ``` [![Health](https://phpackages.com/badges/k2gl-sigstore-verify/health.svg)](https://phpackages.com/packages/k2gl-sigstore-verify) ``` PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)