cosign
https://github.com/sigstore/cosign
Cosign aims to make signatures invisible infrastructure.
Cosign supports:
- Hardware and KMS signing
- Bring-your-own PKI
- Our free OIDC PKI (Fulcio)
- Built-in
- Devel package for openSUSE:Factory
-
3
derived packages
- Links to openSUSE:Factory / cosign
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout security/cosign && cd $_ - Create Badge
Refresh
Refresh
Source Files
| Filename | Size | Changed |
|---|---|---|
| _link | 0000000124 124 Bytes | |
| cosign-1.10.1.tar.gz | 0007142280 6.81 MB | |
| cosign.changes | 0000027421 26.8 KB | |
| cosign.spec | 0000002339 2.28 KB | |
| vendor.tar.bz2 | 0012126805 11.6 MB |
Revision 16 (latest revision is 41)
Marcus Meissner (msmeissn)
accepted
request 993341
from
Marcus Meissner (msmeissn)
(revision 16)
- updated to 1.10.1 (jsc#SLE-23879)
- CVE-2022-35929: Fixed that cosign verify-attestaton --type can
report a false positive if any attestation exists (GHSA-vjxv-45g9-9296
(bsc#1202157)
- What else changed:
- add flag to allow skipping upload to transparency log by @k4leung4 in #2089
- Improve error message when no sigs/atts are found for an image by @imjasonh in #2101
- Change Result in Vulnerability Attestation to interface{} by @knqyf263 in #2096
- Fix field names in the vulnerability attestation by @otms61 in #2099
- remove style jobs and cleanup makefile gofmt and goimports are running already with golangci-lint by @cpanato in #2105
- sparkles Enable Scorecard badge by @azeemshaikh38 in #2109
- Resolves #522 set Created date to time of execution by @Lerentis in #2108
- Introduce a custom error type to classify errors. by @mattmoor in #2114
- feat: attach: attestation: allow passing multiple payloads by @Dentrax in #2085
- update cross-builder to go1.18.5 and cosign image to 1.10.0 by @cpanato in #2119
- chore: fix documentation and warning on using untrusted rekor key by @asraa in #2124
- Correct the type used for attest by @mattmoor in #2128
Comments 0