Supply Chain Transparency Log
Rekor's goals are to provide an immutable tamper resistant ledger of metadata generated within a software projects supply chain. Rekor will enable software maintainers and build systems to record signed metadata to an immutable record. Other parties can then query said metadata to enable them to make informed decisions on trust and non-repudiation of an object's lifecycle. For more details visit the sigstore website
The Rekor project provides a restful API based server for validation and a transparency log for storage. A CLI application is available to make and verify entries, query the transparency log for inclusion proof, integrity verification of the transparency log or retrieval of entries by either public key or artifact.
Rekor fulfils the signature transparency role of sigstore's software signing infrastructure. However, Rekor can be run on its own and is designed to be extensible to working with different manifest schemas and PKI tooling.
- Developed at security
- Sources inherited from project openSUSE:Factory
-
1
derived packages
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout openSUSE:Leap:15.2:FactoryCandidates/rekor && cd $_
- Create Badge
Source Files
Filename | Size | Changed |
---|---|---|
rekor-0.5.0.tar.gz | 0000675400 660 KB | |
rekor.changes | 0000002512 2.45 KB | |
rekor.spec | 0000002909 2.84 KB | |
vendor.tar.xz | 0005714607 5.45 MB |
Revision 4 (latest revision is 22)
- Updated to rekor 0.5.0 * Highlights - Add Rekor logo to README (#650) - update API calls to v5 (#591) - Refactor helm type to remove intermediate state. (#575) - Refactor the shard map parsing so we can pass it down into the API object. (#564) - Refactor the alpine type to reduce intermediate state. (#573) * Enhancements - Add logic to GET artifacts via old or new UUID (#587) - helpful error message for hashedrekord types (#605) - Set Accept header in dynamic counter requests (#594) - Add sharding package and update validators (#583) - rekor-cli: show the url in case of error (#581) - Enable parsing of incomplete minisign keys, to enable re-indexing. (#567) - Cleanups on the TUF pluggable type. (#563) - Refactor the RPM type to remove more intermediate state. (#566) - Do some cleanups of the jar type to remove intermediate state. (#561) * Others - update version comments since dependabot doesn't do it (#617) - Use workload identity provider instead of GitHub Secret for GCR access (#600) - add OSSF scorecard action (#599) - enable the sbom for rekor releases (#586) - Point to the official website (instead of a 404) (#580) - Add a Makefile target for the "ko apply" step. (#572) - types/README.md: Corrected documentation link (#568) - enable server build too, as people might want to deploy rekor chain themselves. (forwarded request 966623 from msmeissn)
Comments 0