Supply Chain Transparency Log

Edit Package rekor
https://github.com/sigstore/rekor

Rekor's goals are to provide an immutable tamper resistant ledger of metadata generated within a software projects supply chain. Rekor will enable software maintainers and build systems to record signed metadata to an immutable record. Other parties can then query said metadata to enable them to make informed decisions on trust and non-repudiation of an object's lifecycle. For more details visit the sigstore website

The Rekor project provides a restful API based server for validation and a transparency log for storage. A CLI application is available to make and verify entries, query the transparency log for inclusion proof, integrity verification of the transparency log or retrieval of entries by either public key or artifact.

Rekor fulfils the signature transparency role of sigstore's software signing infrastructure. However, Rekor can be run on its own and is designed to be extensible to working with different manifest schemas and PKI tooling.

Refresh
Refresh
Source Files
Filename Size Changed
rekor-1.1.1.tar.gz 0000870643 850 KB
rekor-zypper-verify.sh 0000000941 941 Bytes
rekor.changes 0000018334 17.9 KB
rekor.spec 0000003014 2.94 KB
vendor.tar.xz 0004343516 4.14 MB
Revision 15 (latest revision is 22)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1084327 from Marcus Meissner's avatar Marcus Meissner (msmeissn) (revision 15)
- updated to rekor 1.1.1 (jsc#SLE-23476):
  Functional Enhancements
  - Refactor Trillian client with exported methods (#1454)
  - Switch to official redis-go client (#1459)
  - Remove replace in go.mod (#1444)
  - Add Rekor OID info. (#1390)
  Quality Enhancements
  - remove legacy encrypted cosign key (#1446)
  - swap cjson dependency (#1441)
  - Update release readme (#1456) (forwarded request 1084326 from msmeissn)
Comments 0
openSUSE Build Service is sponsored by