Supply Chain Transparency Log

Package rekor
https://github.com/sigstore/rekor

Rekor's goal is to provide an immutable, tamper-resistant ledger of metadata generated within a software project's supply chain. Rekor will enable software maintainers and build systems to record signed metadata to an immutable record. Other parties can then query said metadata to enable them to make informed decisions on trust and non-repudiation of an object's lifecycle. For more details, visit the sigstore website.

The Rekor project provides a RESTful API-based server for validation and a transparency log for storage. A CLI application is available to make and verify entries, query the transparency log for inclusion proofs, verify the integrity of the transparency log, or retrieve entries by either public key or artifact.

Rekor fulfils the signature transparency role of sigstore's software signing infrastructure. However, Rekor can be run on its own and is designed to be extensible to work with different manifest schemas and PKI tooling.

Source Files
Filename Size Changed
rekor-0.5.0.tar.gz 660 KB
rekor.changes 2.45 KB
rekor.spec 2.84 KB
vendor.tar.xz 5.45 MB
Revision 4 (latest revision is 21)
Dominique Leuenberger (dimstar_suse) accepted request 966624 from Marcus Meissner (msmeissn) (revision 4)
- Updated to rekor 0.5.0
  * Highlights
    - Add Rekor logo to README (#650)
    - update API calls to v5 (#591)
    - Refactor helm type to remove intermediate state. (#575)
    - Refactor the shard map parsing so we can pass it down into the API object. (#564)
    - Refactor the alpine type to reduce intermediate state. (#573)
  * Enhancements
    - Add logic to GET artifacts via old or new UUID (#587)
    - helpful error message for hashedrekord types (#605)
    - Set Accept header in dynamic counter requests (#594)
    - Add sharding package and update validators (#583)
    - rekor-cli: show the url in case of error (#581)
    - Enable parsing of incomplete minisign keys, to enable re-indexing. (#567)
    - Cleanups on the TUF pluggable type. (#563)
    - Refactor the RPM type to remove more intermediate state. (#566)
    - Do some cleanups of the jar type to remove intermediate state. (#561)
  * Others
    - update version comments since dependabot doesn't do it (#617)
    - Use workload identity provider instead of GitHub Secret for GCR access (#600)
    - add OSSF scorecard action (#599)
    - enable the sbom for rekor releases (#586)
    - Point to the official website (instead of a 404) (#580)
    - Add a Makefile target for the "ko apply" step. (#572)
    - types/README.md: Corrected documentation link (#568)

- enable server build too, as people might want to deploy rekor chain
  themselves. (forwarded request 966623 from msmeissn)