cosign
https://github.com/sigstore/cosign
Cosign aims to make signatures invisible infrastructure.
Cosign supports:
- Hardware and KMS signing
- Bring-your-own PKI
- Our free OIDC PKI (Fulcio)
- Built-in
- Developed at security
- Sources inherited from project openSUSE:Factory
-
1
derived packages
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout home:seife:Factory/cosign && cd $_ - Create Badge
Refresh
Refresh
Source Files
| Filename | Size | Changed |
|---|---|---|
| _service | 0000000127 127 Bytes | |
| cosign-2.2.3.tar.gz | 0000845096 825 KB | |
| cosign.changes | 0000046270 45.2 KB | |
| cosign.spec | 0000002139 2.09 KB | |
| vendor.tar.zst | 0013052690 12.4 MB |
Revision 19 (latest revision is 20)
Ana Guerrero (anag+factory)
accepted
request 1143630
from
Marcus Meissner (msmeissn)
(revision 19)
- updated to 2.2.3 (jsc#SLE-23879)
Bug Fixes:
* Fix race condition on verification with multiple signatures attached to image (#3486)
* fix(clean): Fix clean cmd for private registries (#3446)
* Fixed BYO PKI verification (#3427)
Features:
* Allow for option in cosign attest and attest-blob to upload attestation as supported in Rekor (#3466)
* Add support for OpenVEX predicate type (#3405)
Documentation:
* Resolves #3088: `version` sub-command expected behaviour documentation and testing (#3447)
* add examples for cosign attach signature cmd (#3468)
Misc:
* Remove CertSubject function (#3467)
* Use local rekor and fulcio instances in e2e tests (#3478)
- bumped embedded golang.org/x/crypto/ssh to fix the Terrapin attack CVE-2023-48795 (bsc#1218207) (forwarded request 1143629 from msmeissn)
Comments 0