Packages from k2gl · Transparency log

  • PHP

    k2gl/app-env

    Run code conditionally on the current application environment (prod, dev, test)

  • PHP

    k2gl/array-reader

    Read typed values from untyped arrays (JSON, CSV, config, request data) in PHP, with strict and lenient modes

  • PHP

    k2gl/composer-attest

    Composer plugin that verifies GitHub build-provenance attestations for the packages you install

  • PHP

    k2gl/composer-license-gate

    Composer plugin that checks your dependencies' licenses against an allow/deny policy and can fail the install on a violation

  • PHP

    k2gl/dsse

    Sign and verify DSSE (Dead Simple Signing Envelope) payloads in PHP, with pluggable keys

  • PHP

    k2gl/entity-exist

    Symfony validation constraint that asserts a matching database row exists (or does not), via Doctrine

  • PHP

    k2gl/enum

    PHP BackedEnum spiced with syntactic sugar

  • PHP

    k2gl/in-toto-attestation

    Build, sign and verify in-toto attestation Statements (v1 and v0.1) in PHP

  • PHP

    k2gl/openvex

    Read, write and canonicalize OpenVEX documents in PHP

  • PHP

    k2gl/phpunit-fluent-assertions

    Improves test code readability

  • PHP

    k2gl/pragmatic-franken

    Pragmatic FrankenPHP — PHP 8.5 / Symfony 8 starter: Vertical Slices + CQRS over Messenger, FrankenPHP worker mode, real prod image, agent-ready docs

  • PHP

    k2gl/rekor-client

    A PSR-18 client for the Rekor v2 transparency log — submit entries and read checkpoints in PHP

  • PHP

    k2gl/sd-jwt

    Selective Disclosure for JWTs (SD-JWT, RFC 9901) in pure PHP: issue, present, verify

  • PHP

    k2gl/sd-jwt-vc

    SD-JWT-based Verifiable Credentials (SD-JWT VC) in pure PHP: issue and verify dc+sd-jwt credentials

  • PHP

    k2gl/signed-note

    Parse, verify and sign signed notes — the transparency-log / Go sumdb format used by Sigstore Rekor checkpoints — in PHP

  • PHP

    k2gl/sigstore-bundle

    Build Sigstore bundles (.sigstore.json) in PHP — the counterpart to verification, emitting DSSE and message-signature bundles

  • PHP

    k2gl/sigstore-sign

    Sign artifacts and attestations with Sigstore from PHP — sign, log to Rekor, timestamp, and assemble a bundle

  • PHP

    k2gl/sigstore-verify

    Offline Sigstore bundle verifier for PHP (Fulcio, Rekor, identity policy)

  • PHP

    k2gl/slsa-provenance

    SLSA Provenance predicates (v1 and v0.2) for PHP

  • PHP

    k2gl/sshsig

    Pure-PHP SSHSIG signing and verification, compatible with ssh-keygen -Y

  • PHP

    k2gl/tuf

    TUF (The Update Framework) client for PHP: fetch and verify signed metadata and targets