Supply Chain Transparency Log
Rekor's goals are to provide an immutable tamper resistant ledger of metadata generated within a software projects supply chain. Rekor will enable software maintainers and build systems to record signed metadata to an immutable record. Other parties can then query said metadata to enable them to make informed decisions on trust and non-repudiation of an object's lifecycle. For more details visit the sigstore website
The Rekor project provides a restful API based server for validation and a transparency log for storage. A CLI application is available to make and verify entries, query the transparency log for inclusion proof, integrity verification of the transparency log or retrieval of entries by either public key or artifact.
Rekor fulfils the signature transparency role of sigstore's software signing infrastructure. However, Rekor can be run on its own and is designed to be extensible to working with different manifest schemas and PKI tooling.
- Developed at security
- Sources inherited from project openSUSE:Factory
-
1
derived packages
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout openSUSE:Leap:16.0:FactoryCandidates/rekor && cd $_
- Create Badge
Source Files
Filename | Size | Changed |
---|---|---|
rekor-1.0.0.tar.gz | 0000671387 656 KB | |
rekor-zypper-verify.sh | 0000000941 941 Bytes | |
rekor.changes | 0000015659 15.3 KB | |
rekor.spec | 0000003014 2.94 KB | |
vendor.tar.xz | 0005277031 5.03 MB |
Revision 12 (latest revision is 22)
- updated to rekor 1.0.0 (sc#SLE-23476): - add description on /api/v1/index/retrieve endpoint by @bobcallaway in https://github.com/sigstore/rekor/pull/1073 - Adding e2e test coverage by @cdris in https://github.com/sigstore/rekor/pull/1071 - export rekor build/version information by @cpanato in https://github.com/sigstore/rekor/pull/1074 - Use POST instead of GET for /api/log/entries/retrieve metrics. by @var-sdk in https://github.com/sigstore/rekor/pull/1083 - Search through all shards when searching by hash by @priyawadhwa in https://github.com/sigstore/rekor/pull/1082 - verify: verify checkpoint's STH against the inclusion proof root hash by @asraa in https://github.com/sigstore/rekor/pull/1092 - add ability to enable/disable specific rekor API endpoints by @bobcallaway in https://github.com/sigstore/rekor/pull/1080 - enable configurable client retries with backoff in RekorClient by @bobcallaway in https://github.com/sigstore/rekor/pull/1096 - remove dead code around api-key and timestamp references by @bobcallaway in https://github.com/sigstore/rekor/pull/1098 - update swagger API version to 1.0.0 by @bobcallaway in https://github.com/sigstore/rekor/pull/1102 - remove unused RekorVersion API definition by @bobcallaway in https://github.com/sigstore/rekor/pull/1101 - install gocovmerge in hack/tools by @bobcallaway in https://github.com/sigstore/rekor/pull/1103 - add retry command line flag on rekor-cli by @bobcallaway in https://github.com/sigstore/rekor/pull/1097 - Add some info and debug logging to commonly used funcs by @priyawadhwa in https://github.com/sigstore/rekor/pull/1106 (forwarded request 1029932 from msmeissn)
Comments 0