Overview Repositories Revisions Requests Users Attributes Meta

cosign

Edit Package cosign
https://github.com/sigstore/cosign

Cosign aims to make signatures invisible infrastructure.

Cosign supports:

- Hardware and KMS signing
- Bring-your-own PKI
- Our free OIDC PKI (Fulcio)
- Built-in

  • Developed at security
  • Sources inherited from project openSUSE:Factory
  • 1 derived packages
  • Download package
  • osc -A https://api.opensuse.org checkout openSUSE:Factory:zSystems/cosign && cd $_
  • Create Badge
Refresh
Refresh
Source Files
Filename Size Changed
cosign-1.12.0.tar.gz 0006634938 6.33 MB
cosign.changes 0000030024 29.3 KB
cosign.spec 0000002339 2.28 KB
vendor.tar.bz2 0012160213 11.6 MB
Revision 10 (latest revision is 21)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1003868 from Marcus Meissner's avatar Marcus Meissner (msmeissn) (revision 10) 
- updated to 1.12.0 (jsc#SLE-23879)
  - CVE-2022-36056: Fixed verify-blob could successfully verify an artifact when verification should have failed (bsc#1203430)
  - Support non-ECDSA key types for verify-blob by @haydentherapper in #2203
  - feat: integrate Alibaba Cloud Container Registry cred helper by @mozillazg in #2008
  - remove double quotes, looks like it is passing as a single string to cosign and not as an array by @cpanato in #2205
  - Clarify error when KMS provider fails to load by @znewman01 in #2220
  - feat: set annotations to generate additional bash completion information by @dirien in #2221
  - Add deprecation warning for sget CLI and packages by @imjasonh in #2019
  - upgrade setup-ko to point to new repo by @imjasonh in #2225
  - Temp fix for e2e test by @haydentherapper in #2247
  - update kind to use release v0.15.0 and some version comments by @cpanato in #2246
  - Fix e2e test failure, add test for local bundle without rekor bundle by @haydentherapper in #2248
  - fix: fix secret test, non-experimental bundle should pass by @asraa in #2249
- updated to 1.11.1
  - add stale workflow using the workflow template by @cpanato in #2175
  - Update Scorecard action to v2:alpha by @azeemshaikh38 in #2177
  - add release cadence section in the readme by @cpanato in #2179
  - feat: Rework fig autocomplete command by @dirien in #2187
  - fix: fix typo that caused attestation verification failure by @asraa in #2199
- updated to 1.11.0
  - Verify the certificate chain against the Fulcio root trust by default by @wata727 in #2139
  - Add notes to clarify registry use. by @bendory in #2145
  - Use TUF from scaffolding for validating cosign. by @vaikas in #2146
  - docs: clarify wording in spec about usage of certificate chain by @asraa in #2152
  - fix: fix blob verification output with sharded rekor tlogs by @asraa in #2157
  - fix: adds envelope hash to in-toto entries in tlog entry creation by @nkreiger in #2118
  - fix handling of verify-attestation types for URIs by @otms61 in #2159
  - fix oidc post-merge job by @cpanato in #2164
  - Remove third_party by @imjasonh in #2166
  - use updated device flow logic with PKCE by @bobcallaway in #2163 (forwarded request 1003867 from msmeissn)
Comments 0
openSUSE Build Service is sponsored by
Places