v0.9.0

• Added support for DSSE envelopes in InTotoRun, InTotoRecord, and InTotoVerify (#228)
• Removed use of io/ioutil (#229)
• Source reorganization / clean up, removed DSSESigner in favour of EnvelopeSigner in go-securesystemslib (#228)
• Dependency bump (#231)

v0.8.0

This release includes:

• Support for SLSA Provenance v1 (courtesy @asraa, @chuangw6)
• --verify flag to the sign subcommand
• Updates to tested Go versions, various minor code fixes
• Dependency updates

v0.7.1

This update adds type aliases for SLSA Provenance v0.2 fields (courtesy @wlynch) and includes various dependency updates.

v0.7.0

NOTE: This release changes the interface of DSSESigner.SignPayload and DSSESigner.Verify due to a change in go-securesystemslib.

For more information, see #206 and secure-systems-lab/go-securesystemslib#34.

v0.6.0

• Updates symlink handling to more closely mirror Python implementation (#194), adds parameter to InTotoRun and InTotoRecord APIs
• Various dependency updates
• Clean up of readme

v0.5.0

Since v0.4.0, we've welcomed Parth Patel (@pxp928) as a maintainer of in-toto-golang!

• Adds Godoc documentation for SLSA Provenance v0.2 fields (@wlynch)
• Updates CycloneDX predicate type (@lehors)
• Adds ability to use InTotoRun without a command (@shibumi, @adityasaky)

v0.4.0

This release includes the changes introduced in v0.4.0-prerelease and some more changes. The changelog includes all the changes since v0.3.3.

• Removes DSSE code and moves it to https://github.com/secure-systems-lab/go-securesystemslib (@shibumi)
• Uses go-securesystemslib for canonical JSON
• Adds SPIFFE integration (@pxp928, @mikhailswift)
• Re-organizes SLSA provenance formats based on versioning, adds v0.2 (@priyawadhwa), makes provenance API version explicit (@chuangw6)
• Adds CycloneDX predicate (@puerco)

v0.4.0-prerelease

This is a prerelease of v0.4.0, cut from the next branch. v0.4.0 will follow when some next-only features are merged into master.

• Removes DSSE code and moves it to https://github.com/secure-systems-lab/go-securesystemslib (@shibumi)
• Adds SPIFFE integration (@pxp928, @mikhailswift)
• Re-organizes SLSA provenance formats based on versioning, adds v0.2 (@priyawadhwa)

v0.3.3

This release enables Windows support / testing again.

• Adds a linter in the CI for new changes, courtesy of @kevholmes
• Fixes a bug where left-stripping two artifacts with different prefixes could have resulted in a collision in the resultant paths with no warning, courtesy of @kadern0
• Fixes to error strings formatting to follow best practices, courtesy of @adityasaky
• Adds auto completion to CLI, courtesy of @developer-guy
• Adds CLI docs, courtesy of @developer-guy
• Changes in how cobra is organized so as to follow the standard template, courtesy of @lukehinds
• Re-enables line normalization feature that was disabled in v0.3.2 as an option, courtesy of @alanssitis

v0.3.2

This release temporarily drops support / testing on Windows.

Fixes a bug discovered by @mikhailswift where normalizing line endings was causing hash mismatch. See #135 and #136 for more context. Fixed by @shibumi.