Overview Repositories Revisions Requests Users Attributes Meta

cosign

Edit Package cosign
https://github.com/sigstore/cosign

Cosign aims to make signatures invisible infrastructure.

Cosign supports:

- Hardware and KMS signing
- Bring-your-own PKI
- Our free OIDC PKI (Fulcio)
- Built-in

  • Developed at security
  • Sources inherited from project openSUSE:Factory
  • 1 derived packages
  • Download package
  • osc -A https://api.opensuse.org checkout openSUSE:Factory:PowerPC/cosign && cd $_
  • Create Badge
Refresh
Refresh
Source Files
Filename Size Changed
cosign-1.5.0.tar.gz 0006595932 6.29 MB
cosign.changes 0000005513 5.38 KB
cosign.spec 0000002490 2.43 KB
vendor.tar.bz2 0012903247 12.3 MB
Revision 2 (latest revision is 20)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 949015 from Marcus Meissner's avatar Marcus Meissner (msmeissn) (revision 2) 
- updated to 1.5.0
  ## Highlights
  * enable sbom generation when releasing (https://github.com/sigstore/cosign/pull/1261)
  * feat: log error to stderr (https://github.com/sigstore/cosign/pull/1260)
  * feat: support attach attestation (https://github.com/sigstore/cosign/pull/1253)
  * feat: resolve --cert from URL (https://github.com/sigstore/cosign/pull/1245)
  * feat: generate/upload sbom for cosign projects (https://github.com/sigstore/cosign/pull/1237)
  * feat: vuln attest support (https://github.com/sigstore/cosign/pull/1168)
  * feat: add ambient credential detection with spiffe/spire (https://github.com/sigstore/cosign/pull/1220)
  * feat: generate/upload sbom for cosign projects (https://github.com/sigstore/cosign/pull/1236)
  * feat: implement cosign download attestation (https://github.com/sigstore/cosign/pull/1216)
  ## Enhancements
  * Don't use k8schain, statically link cloud cred helpers in cosign (https://github.com/sigstore/cosign/pull/1279)
  * Export function to verify individual signature (https://github.com/sigstore/cosign/pull/1334)
  * Add suffix with digest to signature file output for recursive signing (https://github.com/sigstore/cosign/pull/1267)
  * Take OIDC client secret into account (https://github.com/sigstore/cosign/pull/1310)
  * Add --bundle flag to sign-blob and verify-blob (https://github.com/sigstore/cosign/pull/1306)
  * Add flag to verify OIDC issuer in certificate (https://github.com/sigstore/cosign/pull/1308)
  * add OSSF scorecard action (https://github.com/sigstore/cosign/pull/1318)
  * Add TUF timestamp to attestation bundle (https://github.com/sigstore/cosign/pull/1316)
  * Provide certificate flags to all verify commands (https://github.com/sigstore/cosign/pull/1305)
  * Bundle TUF timestamp with signature on signing (https://github.com/sigstore/cosign/pull/1294)
  * Add support for importing PKCShttps://github.com/sigstore/cosign/pull/8 private keys, and add validation (https://github.com/sigstore/cosign/pull/1300)
  * add error message (https://github.com/sigstore/cosign/pull/1296)
  * Move bundle out of `oci` and into `bundle` package (https://github.com/sigstore/cosign/pull/1295)
  * Reorganize verify-blob code and add a unit test (https://github.com/sigstore/cosign/pull/1286)
  * One-to-one mapping of invocation to scan result (https://github.com/sigstore/cosign/pull/1268)
  * refactor common utilities (https://github.com/sigstore/cosign/pull/1266)
  * Importing RSA and EC keypairs (https://github.com/sigstore/cosign/pull/1050)
  * Refactor the tuf client code. (https://github.com/sigstore/cosign/pull/1252) (forwarded request 949014 from msmeissn)
Comments 0
openSUSE Build Service is sponsored by
Places