Packages from k2gl · Transparency log
-
-
PHP
k2gl/array-reader
Read typed values from untyped arrays (JSON, CSV, config, request data) in PHP, with strict and lenient modes
-
PHP
k2gl/composer-attest
Composer plugin that verifies GitHub build-provenance attestations for the packages you install
-
PHP
k2gl/composer-license-gate
Composer plugin that checks your dependencies' licenses against an allow/deny policy and can fail the install on a violation
-
PHP
k2gl/dsse
Sign and verify DSSE (Dead Simple Signing Envelope) payloads in PHP, with pluggable keys
-
PHP
k2gl/entity-exist
Symfony validation constraint that asserts a matching database row exists (or does not), via Doctrine
-
-
PHP
k2gl/in-toto-attestation
Build, sign and verify in-toto attestation Statements (v1 and v0.1) in PHP
-
-
-
PHP
k2gl/pragmatic-franken
Pragmatic FrankenPHP — PHP 8.5 / Symfony 8 starter: Vertical Slices + CQRS over Messenger, FrankenPHP worker mode, real prod image, agent-ready docs
-
PHP
k2gl/rekor-client
A PSR-18 client for the Rekor v2 transparency log — submit entries and read checkpoints in PHP
-
PHP
k2gl/sd-jwt
Selective Disclosure for JWTs (SD-JWT, RFC 9901) in pure PHP: issue, present, verify
-
PHP
k2gl/sd-jwt-vc
SD-JWT-based Verifiable Credentials (SD-JWT VC) in pure PHP: issue and verify dc+sd-jwt credentials
-
PHP
k2gl/signed-note
Parse, verify and sign signed notes — the transparency-log / Go sumdb format used by Sigstore Rekor checkpoints — in PHP
-
PHP
k2gl/sigstore-bundle
Build Sigstore bundles (.sigstore.json) in PHP — the counterpart to verification, emitting DSSE and message-signature bundles
-
PHP
k2gl/sigstore-sign
Sign artifacts and attestations with Sigstore from PHP — sign, log to Rekor, timestamp, and assemble a bundle
-
-
-
-
PHP
k2gl/tuf
TUF (The Update Framework) client for PHP: fetch and verify signed metadata and targets