cosign
https://github.com/sigstore/cosign
Cosign aims to make signatures invisible infrastructure.
Cosign supports:
- Hardware and KMS signing
- Bring-your-own PKI
- Our free OIDC PKI (Fulcio)
- Built-in
- Developed at security
- Sources inherited from project openSUSE:Factory
-
1
derived packages
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout openSUSE:Backports:SLE-15-SP5:FactoryCandidates/cosign && cd $_
- Create Badge
Refresh
Refresh
Source Files
Filename | Size | Changed |
---|---|---|
cosign-1.10.0.tar.gz | 0007140596 6.81 MB | |
cosign.changes | 0000026083 25.5 KB | |
cosign.spec | 0000002339 2.28 KB | |
vendor.tar.bz2 | 0012079599 11.5 MB |
Revision 8 (latest revision is 20)
Richard Brown (RBrownFactory)
accepted
request 991560
from
Marcus Meissner (msmeissn)
(revision 8)
- updated to 1.10.0 - replace gcr.io/distroless/ to use ghcr.io/distroless/ by @cpanato in #1961 - Separate RegExp matching of issuer/subject from strict by @vaikas in #1956 - tuf: improve TUF client concurrency and caching by @asraa in #1953 - Add Cloudsmith Container Registry to tested registry list by @ciaracarey in #1966 - feat(fulcioroots): singleton error pattern by @developer-guy in #1965 - Drop tuf client dependency on GCS client library by @imjasonh in #1967 - Add spdxjson predicate type for attestations by @jdolitsky in #1974 - Remove policy-controller now that it lives in sigstore/policy-controller by @vaikas in #1976 - cleanup: unexport kubernetes.Client method by @imjasonh in #1973 - cleanup ci job and remove policy-controller references by @cpanato in #1981 - fix/update post build job by @cpanato in #1983 - docs: updated Azure kms commands. by @JBrejnholt in #1972 - Add cyclonedx predicate type for attestations by @jdolitsky in #1977 - Route deprecated -version to version subcommand by @puerco in #1854 - docs(readme): add installation steps for container image for cosign binary by @developer-guy in #1986 - Add --platform flag to cosign sbom download by @puerco in #1975 - Use pkg/fulcioroots and pkg/tuf from sigstore/sigstore by @imjasonh in #1866 - Add --oidc-provider flag to specify which provider to use for ambient credentials by @priyawadhwa in #1998 - encrypt values to create the github action secret by @cpanato in #1990 - sign-blob: bundle should work independently and respect --output-certificate and --output-signature by @Dentrax in #2016 - Attempt to clean up pkg/cosign by @imjasonh in #2018 - public-key: fix command description by @Dentrax in #2024 - [NFC] specs: fix list formatting on SIGNATURE_SPEC by @woodruffw in #2030 - feat: cert-extensions verify by @developer-guy in #1626 - Fix #1378 create new attestation signature in replace mode if not existent by @Syquel in #2014 - Use cosign.ConfirmPrompt more consistently by @imjasonh in #2039 - chore: add a note about SIGSTORE_REKOR_PUBLIC_KEY var by @hectorj2f in #2040 - Fix OIDC test by @cpanato in #2050 - Add env subcommand. by @wlynch in #2051 (forwarded request 991559 from msmeissn)
Comments 0