Adding section for language clients.

content/en/language_clients/_index.html

@@ -0,0 +1,11 @@
+---
+type: docs
+title: "Language Clients"
+description: "Language Clients"
+lead: "Language Clients"
+date: 2024-10-06T08:49:15+00:00
+lastmod: 2024-10-06T08:49:15+00:00
+draft: false
+images: []
+weight: 20
+---

content/en/language_clients/language_client_overview.md

@@ -0,0 +1,19 @@
+---
+type: docs
+category: Language Clients
+title: Language Client Overview
+weight: 5
+---
+
+Sigstore uses [cosign](../../cosign/signing/overview) to sign and verify packages by default, but you can opt to use a language specific client instead.
+
+Sigstore has clients for the following language ecosystems:
+
+- [Python](https://github.com/sigstore/sigstore-python#sigstore-python)
+- [Rust](https://github.com/sigstore/sigstore-rs#features)
+- [Ruby](https://github.com/sigstore/sigstore-ruby#sigstore)
+- [JavaScript](https://github.com/sigstore/sigstore-js#sigstore-js---)
+- [Java](https://github.com/sigstore/sigstore-java#sigstore-java)
+- [Go](https://github.com/sigstore/sigstore-go#sigstore-go)
+
+Currently, language client documentation is hosted in the individual project repositories. This documentation is being migrated to the general sigstore docs.

content/en/quickstart/quickstart-cosign.md

@@ -14,7 +14,7 @@
 
 Cosign is a command line utility that is used to sign software artifacts and verify signatures using Sigstore.
 
-Sigstore has a number of language specific clients (like [sigstore-python](https://github.com/sigstore/sigstore-python)). These clients are SDKs that you can use to build custom tooling. Although a number of the clients include a basic CLI, Cosign is the recommended tool for signing and verifying.  
+Sigstore has a number of [language specific clients](../../language_clients/language_client_overview) that you can use to build custom tooling. Although a number of the clients include a basic CLI, Cosign is the recommended tool for signing and verifying.
 
 This quickstart will walk you through how to sign and verify a blob and a container.
 
@@ -26,19 +26,19 @@
 
 The basic signing format for a blob is as follows:
 
 ```
 $ cosign sign-blob <file> --bundle cosign.bundle
 ```
 
 The bundle contains signing metadata, including the signature and certificate.
 
 The Cosign command requests a certificate from the Sigstore certificate authority, Fulcio. Fulcio checks your identity by using an authentication protocol (OpenID Connect) to confirm your email address. If your identity is correct, Fulcio grants a short-lived, time-stamped certificate. The certificate is bound to the public key to attest to your identity. This activity is logged using the Sigstore transparency and timestamping log, Rekor.
 
 Note that you don’t need to use a key to sign. Currently, you can authenticate with Google, GitHub, or Microsoft, which will associate your identity with a short-lived signing key. 
 
 For more information about Cosign's additional options and features, run the command:
 
 ```
 cosign sign-blob --help
 ```
 
@@ -54,7 +54,7 @@
 
 The following example verifies the signature on `file.txt` from user `[email protected]` issued by `[email protected]`. It uses a provided bundle `cosign.bundle` that contains the certificate and signature.
 
 ```
 $ cosign verify-blob <file> --bundle cosign.bundle [email protected]
                               --certificate-oidc-issuer=https://accounts.example.com
 ```
@@ -67,11 +67,11 @@
 
 To use `ttl.sh` and [crane](https://github.com/google/go-containerregistry/tree/main/cmd/crane) to prepare the image to sign, run the following:
 
 ```
 $ SRC_IMAGE=busybox
 $ SRC_DIGEST=$(crane digest busybox)
 $ IMAGE_URI=ttl.sh/$(uuidgen | head -c 8 | tr 'A-Z' 'a-z')
 $ crane cp $SRC_IMAGE@$SRC_DIGEST $IMAGE_URI:1h
 $ IMAGE_URI_DIGEST=$IMAGE_URI@$SRC_DIGEST
 ```