Supply Chain Transparency Log
Rekor's goals are to provide an immutable tamper resistant ledger of metadata generated within a software projects supply chain. Rekor will enable software maintainers and build systems to record signed metadata to an immutable record. Other parties can then query said metadata to enable them to make informed decisions on trust and non-repudiation of an object's lifecycle. For more details visit the sigstore website
The Rekor project provides a restful API based server for validation and a transparency log for storage. A CLI application is available to make and verify entries, query the transparency log for inclusion proof, integrity verification of the transparency log or retrieval of entries by either public key or artifact.
Rekor fulfils the signature transparency role of sigstore's software signing infrastructure. However, Rekor can be run on its own and is designed to be extensible to working with different manifest schemas and PKI tooling.
- Developed at security
- Sources inherited from project openSUSE:Factory
-
1
derived packages
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout openSUSE:Factory:Rebuild/rekor && cd $_ - Create Badge
Source Files
| Filename | Size | Changed |
|---|---|---|
| rekor-0.12.1.tar.gz | 0000666476 651 KB | |
| rekor-zypper-verify.sh | 0000000941 941 Bytes | |
| rekor.changes | 0000013453 13.1 KB | |
| rekor.spec | 0000003015 2.94 KB | |
| vendor.tar.xz | 0005265555 5.02 MB |
Revision 10 (latest revision is 21)
Richard Brown (RBrownFactory)
accepted
request 1006397
from
Marcus Meissner (msmeissn)
(revision 10)
- updated to rekor 0.12.1 (jsc#SLE-23476):
- ** Rekor ** v0.12.1 comes with a breaking change to rekor-cli v0.12.1. Users of rekor-cli MUST upgrade to the latest version
The addition of the intotov2 created a breaking change for the rekor-cli
- What's Changed
- fix: fix harness tests with intoto v0.0.2 by @asraa in #1052
- feat: add file based signer and password by @asraa in #1049
- Adds new rekor metrics for latency and QPS. by @var-sdk in #1059
Comments 0