cosign
https://github.com/sigstore/cosign
Cosign aims to make signatures invisible infrastructure.
Cosign supports:
- Hardware and KMS signing
- Bring-your-own PKI
- Our free OIDC PKI (Fulcio)
- Built-in
- Developed at security
- Sources inherited from project openSUSE:Factory
-
1
derived packages
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout openSUSE:Factory:zSystems/cosign && cd $_
- Create Badge
Refresh
Refresh
Source Files
Filename | Size | Changed |
---|---|---|
cosign-1.10.1.tar.gz | 0007142280 6.81 MB | |
cosign.changes | 0000027421 26.8 KB | |
cosign.spec | 0000002339 2.28 KB | |
vendor.tar.bz2 | 0012126805 11.6 MB |
Revision 9 (latest revision is 21)
Dominique Leuenberger (dimstar_suse)
accepted
request 993342
from
Marcus Meissner (msmeissn)
(revision 9)
- updated to 1.10.1 (jsc#SLE-23879) - CVE-2022-35929: Fixed that cosign verify-attestaton --type can report a false positive if any attestation exists (GHSA-vjxv-45g9-9296 (bsc#1202157) - What else changed: - add flag to allow skipping upload to transparency log by @k4leung4 in #2089 - Improve error message when no sigs/atts are found for an image by @imjasonh in #2101 - Change Result in Vulnerability Attestation to interface{} by @knqyf263 in #2096 - Fix field names in the vulnerability attestation by @otms61 in #2099 - remove style jobs and cleanup makefile gofmt and goimports are running already with golangci-lint by @cpanato in #2105 - sparkles Enable Scorecard badge by @azeemshaikh38 in #2109 - Resolves #522 set Created date to time of execution by @Lerentis in #2108 - Introduce a custom error type to classify errors. by @mattmoor in #2114 - feat: attach: attestation: allow passing multiple payloads by @Dentrax in #2085 - update cross-builder to go1.18.5 and cosign image to 1.10.0 by @cpanato in #2119 - chore: fix documentation and warning on using untrusted rekor key by @asraa in #2124 - Correct the type used for attest by @mattmoor in #2128 (forwarded request 993341 from msmeissn)
Comments 0