cosign
https://github.com/sigstore/cosign
Cosign aims to make signatures invisible infrastructure.
Cosign supports:
- Hardware and KMS signing
- Bring-your-own PKI
- Our free OIDC PKI (Fulcio)
- Built-in
- Developed at security
- Sources inherited from project openSUSE:Factory
-
1
derived packages
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout openSUSE:Backports:SLE-15-SP4:FactoryCandidates/cosign && cd $_
- Create Badge
Refresh
Refresh
Source Files
Filename | Size | Changed |
---|---|---|
_service | 0000000127 127 Bytes | |
cosign-2.2.0.tar.gz | 0000850421 830 KB | |
cosign.changes | 0000042046 41.1 KB | |
cosign.spec | 0000002139 2.09 KB | |
vendor.tar.zst | 0017520501 16.7 MB |
Revision 16 (latest revision is 20)
Dominique Leuenberger (dimstar_suse)
accepted
request 1108432
from
Marcus Meissner (msmeissn)
(revision 16)
- updated to 2.2.0 (jsc#SLE-23879) - Enhancements * switch to uploading DSSE types to rekor instead of intoto (#3113) * add 'cosign sign' command-line parameters for mTLS (#3052) * improve error messages around bundle != payload hash (#3146) * make VerifyImageAttestation function public (#3156) * Switch to cryptoutils function for SANS (#3185) * Handle HTTP_1_1_REQUIRED errors in github provider (#3172) - Bug Fixes * Fix nondeterminsitic timestamps (#3121) - Documentation * doc: Add example of sign-blob with key in env var (#3152) * add deprecation notice for cosign-releases GCS bucket (#3148) * update doc links (#3186) - updated to 2.1.1 (jsc#SLE-23879) - Bug Fixes - wait for the workers become available again to continue the execution (#3084) - fix help text when in a container (#3082) - updated to 2.1.0 (jsc#SLE-23879) - Breaking Change: The predicate is now a required flag in the attest commands, set via the --type flag. - Enhancements - Verify sigs and attestations in parallel (#3066) - Deep inspect attestations when filtering download (#3031) - refactor bundle validation code, add support for DSSE rekor type (#3016) - Allow overriding remote options (#3049) - feat: adds no cert found on sig exit code (#3038) - Make predicate a required flag in attest commands (#3033) - Added support for attaching Time stamp authority Response in attach command (#3001) - Add sign --sign-container-identity CLI (#2984) (forwarded request 1108431 from msmeissn)
Comments 0