Overview Repositories Revisions Requests Users Attributes Meta

Supply Chain Transparency Log

Edit Package rekor
https://github.com/sigstore/rekor

Rekor's goals are to provide an immutable tamper resistant ledger of metadata generated within a software projects supply chain. Rekor will enable software maintainers and build systems to record signed metadata to an immutable record. Other parties can then query said metadata to enable them to make informed decisions on trust and non-repudiation of an object's lifecycle. For more details visit the sigstore website

The Rekor project provides a restful API based server for validation and a transparency log for storage. A CLI application is available to make and verify entries, query the transparency log for inclusion proof, integrity verification of the transparency log or retrieval of entries by either public key or artifact.

Rekor fulfils the signature transparency role of sigstore's software signing infrastructure. However, Rekor can be run on its own and is designed to be extensible to working with different manifest schemas and PKI tooling.

  • Developed at security
  • Sources inherited from project openSUSE:Factory
  • 1 derived packages
  • Download package
  • osc -A https://api.opensuse.org checkout openSUSE:Factory:Rebuild/rekor && cd $_
  • Create Badge
Refresh
Refresh
Source Files
Filename Size Changed
rekor-1.3.3.tar.gz 0000890347 869 KB
rekor-zypper-verify.sh 0000000941 941 Bytes
rekor.changes 0000021806 21.3 KB
rekor.spec 0000003014 2.94 KB
vendor.tar.xz 0006234840 5.95 MB
Revision 19 (latest revision is 21)
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1128622 from Marcus Meissner's avatar Marcus Meissner (msmeissn) (revision 19) 
- updated to rekor 1.3.3 (jsc#SLE-23476):
  - Update signer flag description
  - update trillian to 1.5.3
  - adds redis_auth
  - Add method to get artifact hash for an entry
  - make e2e tests more usable with docker-compose
  - install go at correct version for codeql
- updated to rekor 1.3.2 (jsc#SLE-23476):
- updated to rekor 1.3.1 (jsc#SLE-23476):
  New Features:
  - enable GCP cloud profiling on rekor-server (#1746)
  - move index storage into interface (#1741)
  - add info to readme to denote additional documentation sources (#1722)
  - Add type of ed25519 key for TUF (#1677)
  - Allow parsing base64-encoded TUF metadata and root content (#1671)
  Quality Enhancements:
  - disable quota in trillian in test harness (#1680)
  Bug Fixes:
  - Update contact for code of conduct (#1720)
  - Fix panic when parsing SSH SK pubkeys (#1712)
  - Correct index creation (#1708)
  - docs: fixzes a small typo on the readme (#1686)
  - chore: fix backfill-redis Makefile target (#1685) (forwarded request 1128621 from msmeissn)
Comments 0
openSUSE Build Service is sponsored by
Places