Overview Repositories Revisions Requests Users Attributes Meta

cosign

Edit Package cosign
https://github.com/sigstore/cosign

Cosign aims to make signatures invisible infrastructure.

Cosign supports:

- Hardware and KMS signing
- Bring-your-own PKI
- Our free OIDC PKI (Fulcio)
- Built-in

  • Developed at security
  • Sources inherited from project openSUSE:Factory
  • 1 derived packages
  • Download package
  • osc -A https://api.opensuse.org checkout openSUSE:Backports:SLE-15-SP5:FactoryCandidates/cosign && cd $_
  • Create Badge
Refresh
Refresh
Source Files
Filename Size Changed
cosign-1.10.0.tar.gz 0007140596 6.81 MB
cosign.changes 0000026083 25.5 KB
cosign.spec 0000002339 2.28 KB
vendor.tar.bz2 0012079599 11.5 MB
Revision 8 (latest revision is 20)
Richard Brown's avatar Richard Brown (RBrownFactory) accepted request 991560 from Marcus Meissner's avatar Marcus Meissner (msmeissn) (revision 8) 
- updated to 1.10.0
  - replace gcr.io/distroless/ to use ghcr.io/distroless/ by @cpanato in #1961
  - Separate RegExp matching of issuer/subject from strict by @vaikas in #1956
  - tuf: improve TUF client concurrency and caching by @asraa in #1953
  - Add Cloudsmith Container Registry to tested registry list by @ciaracarey in #1966
  - feat(fulcioroots): singleton error pattern by @developer-guy in #1965
  - Drop tuf client dependency on GCS client library by @imjasonh in #1967
  - Add spdxjson predicate type for attestations by @jdolitsky in #1974
  - Remove policy-controller now that it lives in sigstore/policy-controller by @vaikas in #1976
  - cleanup: unexport kubernetes.Client method by @imjasonh in #1973
  - cleanup ci job and remove policy-controller references by @cpanato in #1981
  - fix/update post build job by @cpanato in #1983
  - docs: updated Azure kms commands. by @JBrejnholt in #1972
  - Add cyclonedx predicate type for attestations by @jdolitsky in #1977
  - Route deprecated -version to version subcommand by @puerco in #1854
  - docs(readme): add installation steps for container image for cosign binary by @developer-guy in #1986
  - Add --platform flag to cosign sbom download by @puerco in #1975
  - Use pkg/fulcioroots and pkg/tuf from sigstore/sigstore by @imjasonh in #1866
  - Add --oidc-provider flag to specify which provider to use for ambient credentials by @priyawadhwa in #1998
  - encrypt values to create the github action secret by @cpanato in #1990
  - sign-blob: bundle should work independently and respect --output-certificate and --output-signature by @Dentrax in #2016
  - Attempt to clean up pkg/cosign by @imjasonh in #2018
  - public-key: fix command description by @Dentrax in #2024
  - [NFC] specs: fix list formatting on SIGNATURE_SPEC by @woodruffw in #2030
  - feat: cert-extensions verify by @developer-guy in #1626
  - Fix #1378 create new attestation signature in replace mode if not existent by @Syquel in #2014
  - Use cosign.ConfirmPrompt more consistently by @imjasonh in #2039
  - chore: add a note about SIGSTORE_REKOR_PUBLIC_KEY var by @hectorj2f in #2040
  - Fix OIDC test by @cpanato in #2050
  - Add env subcommand. by @wlynch in #2051 (forwarded request 991559 from msmeissn)
Comments 0
openSUSE Build Service is sponsored by
Places