Overview Repositories Revisions Requests Users Attributes Meta

cosign

Edit Package cosign
https://github.com/sigstore/cosign

Cosign aims to make signatures invisible infrastructure.

Cosign supports:

- Hardware and KMS signing
- Bring-your-own PKI
- Our free OIDC PKI (Fulcio)
- Built-in

  • Devel package for openSUSE:Factory
  • 3 derived packages
  • Links to openSUSE:Factory / cosign
  • Download package
  • osc -A https://api.opensuse.org checkout security/cosign && cd $_
  • Create Badge
Refresh
Refresh
Source Files
Filename Size Changed
_link 0000000124 124 Bytes
cosign-1.10.0.tar.gz 0007140596 6.81 MB
cosign.changes 0000026083 25.5 KB
cosign.spec 0000002339 2.28 KB
vendor.tar.bz2 0012079599 11.5 MB
Revision 14 (latest revision is 41)
Marcus Meissner's avatar Marcus Meissner (msmeissn) accepted request 991559 from Marcus Meissner's avatar Marcus Meissner (msmeissn) (revision 14) 
- updated to 1.10.0
  - replace gcr.io/distroless/ to use ghcr.io/distroless/ by @cpanato in #1961
  - Separate RegExp matching of issuer/subject from strict by @vaikas in #1956
  - tuf: improve TUF client concurrency and caching by @asraa in #1953
  - Add Cloudsmith Container Registry to tested registry list by @ciaracarey in #1966
  - feat(fulcioroots): singleton error pattern by @developer-guy in #1965
  - Drop tuf client dependency on GCS client library by @imjasonh in #1967
  - Add spdxjson predicate type for attestations by @jdolitsky in #1974
  - Remove policy-controller now that it lives in sigstore/policy-controller by @vaikas in #1976
  - cleanup: unexport kubernetes.Client method by @imjasonh in #1973
  - cleanup ci job and remove policy-controller references by @cpanato in #1981
  - fix/update post build job by @cpanato in #1983
  - docs: updated Azure kms commands. by @JBrejnholt in #1972
  - Add cyclonedx predicate type for attestations by @jdolitsky in #1977
  - Route deprecated -version to version subcommand by @puerco in #1854
  - docs(readme): add installation steps for container image for cosign binary by @developer-guy in #1986
  - Add --platform flag to cosign sbom download by @puerco in #1975
  - Use pkg/fulcioroots and pkg/tuf from sigstore/sigstore by @imjasonh in #1866
  - Add --oidc-provider flag to specify which provider to use for ambient credentials by @priyawadhwa in #1998
  - encrypt values to create the github action secret by @cpanato in #1990
  - sign-blob: bundle should work independently and respect --output-certificate and --output-signature by @Dentrax in #2016
  - Attempt to clean up pkg/cosign by @imjasonh in #2018
  - public-key: fix command description by @Dentrax in #2024
  - [NFC] specs: fix list formatting on SIGNATURE_SPEC by @woodruffw in #2030
  - feat: cert-extensions verify by @developer-guy in #1626
  - Fix #1378 create new attestation signature in replace mode if not existent by @Syquel in #2014
  - Use cosign.ConfirmPrompt more consistently by @imjasonh in #2039
  - chore: add a note about SIGSTORE_REKOR_PUBLIC_KEY var by @hectorj2f in #2040
  - Fix OIDC test by @cpanato in #2050
  - Add env subcommand. by @wlynch in #2051
Comments 0
openSUSE Build Service is sponsored by
Places