Supply Chain Transparency Log
Rekor's goals are to provide an immutable tamper resistant ledger of metadata generated within a software projects supply chain. Rekor will enable software maintainers and build systems to record signed metadata to an immutable record. Other parties can then query said metadata to enable them to make informed decisions on trust and non-repudiation of an object's lifecycle. For more details visit the sigstore website
The Rekor project provides a restful API based server for validation and a transparency log for storage. A CLI application is available to make and verify entries, query the transparency log for inclusion proof, integrity verification of the transparency log or retrieval of entries by either public key or artifact.
Rekor fulfils the signature transparency role of sigstore's software signing infrastructure. However, Rekor can be run on its own and is designed to be extensible to working with different manifest schemas and PKI tooling.
- Developed at security
- Sources inherited from project openSUSE:Factory
-
1
derived packages
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout openSUSE:Factory:Rebuild/rekor && cd $_ - Create Badge
Source Files
| Filename | Size | Changed |
|---|---|---|
| rekor-0.12.0.tar.gz | 0000663986 648 KB | |
| rekor-zypper-verify.sh | 0000000941 941 Bytes | |
| rekor.changes | 0000012844 12.5 KB | |
| rekor.spec | 0000003015 2.94 KB | |
| vendor.tar.xz | 0004054160 3.87 MB |
Revision 9 (latest revision is 21)
Dominique Leuenberger (dimstar_suse)
accepted
request 1003863
from
Marcus Meissner (msmeissn)
(revision 9)
- updated to rekor 0.12.0 (jsc#SLE-23476): - check supportedVersions list rather than directly reading from version map by @bobcallaway in #1003 - enable blocking specific pluggable type versions from being inserted into the log by @bobcallaway in #1004 - api.SearchLogQueryHandler thread safety by @cdris in #1006 - 'docker compose' to 'docker-compose' by @bobcallaway in #1009 - Intoto v0.0.2 by @pxp928 in #973 - Add bounds on number of elements in api/v1/log/entries/retrieve by @priyawadhwa in #1011 - Change Checkpoint origin to be "Hostname - Tree ID" by @haydentherapper in #1013 - feat: add verification functions by @asraa in #986 - Validate tree ID on calls to /api/v1/log/entries/retrieve by @priyawadhwa in #1017 - Include checkpoint (STH) in entry upload and retrieve responses by @haydentherapper in #1015 - fix: use entry uuid uniformly in return responses by @asraa in #1012 - remove /api/v1/version endpoint by @bobcallaway in #1022 - Fix rekor-cli backwards incompatibility & run harness tests against HEAD by @priyawadhwa in #1030 - Fix harness tests @ main by @priyawadhwa in #1038 - Fetch all tags in harness tests by @priyawadhwa in #1039 - fix retrieve endpoint response code and add testing by @asraa in #1043 - updated to rekor 0.11.0: - Add rekor harness tests by @priyawadhwa in #945 - Persist and check attestations across harness tests by @priyawadhwa in #952 - Add harness test for getting all entries by UUID and EntryID by @priyawadhwa in #957 - api: fix inclusion proof verification flake by @asraa in #956 - change default value for rekor_server.hostname to server's hostname by @bobcallaway in #963 - fix nil-pointer error when artifact-hash is passed without artifact by @dsa0x in #965 - Add prometheus summary to track metric latency by @priyawadhwa in #966 - compute payload and envelope hashes upon validating intoto proposed entries by @bobcallaway in #967 - update field documentation on publicKey for hashedrekord by @bobcallaway in #969 - Allow sharding config to be written in yaml or json by @priyawadhwa in #974 - fix incorrect schema id for cose type by @bobcallaway in #979 - fix: make rekor verify work with sharded uuids by @asraa in #970 (forwarded request 1003862 from msmeissn)
Comments 0