Overview Repositories Revisions Requests Users Attributes Meta

cosign

Edit Package cosign
https://github.com/sigstore/cosign

Cosign aims to make signatures invisible infrastructure.

Cosign supports:

- Hardware and KMS signing
- Bring-your-own PKI
- Our free OIDC PKI (Fulcio)
- Built-in

  • Devel package for openSUSE:Factory
  • 3 derived packages
  • Links to openSUSE:Factory / cosign
  • Download package
  • osc -A https://api.opensuse.org checkout security/cosign && cd $_
  • Create Badge
Refresh
Refresh
Source Files
Filename Size Changed
_link 0000000124 124 Bytes
cosign-1.12.0.tar.gz 0006634938 6.33 MB
cosign.changes 0000030024 29.3 KB
cosign.spec 0000002339 2.28 KB
vendor.tar.bz2 0012160213 11.6 MB
Revision 18 (latest revision is 41)
Marcus Meissner's avatar Marcus Meissner (msmeissn) accepted request 1003867 from Marcus Meissner's avatar Marcus Meissner (msmeissn) (revision 18) 
- updated to 1.12.0 (jsc#SLE-23879)
  - CVE-2022-36056: Fixed verify-blob could successfully verify an artifact when verification should have failed (bsc#1203430)
  - Support non-ECDSA key types for verify-blob by @haydentherapper in #2203
  - feat: integrate Alibaba Cloud Container Registry cred helper by @mozillazg in #2008
  - remove double quotes, looks like it is passing as a single string to cosign and not as an array by @cpanato in #2205
  - Clarify error when KMS provider fails to load by @znewman01 in #2220
  - feat: set annotations to generate additional bash completion information by @dirien in #2221
  - Add deprecation warning for sget CLI and packages by @imjasonh in #2019
  - upgrade setup-ko to point to new repo by @imjasonh in #2225
  - Temp fix for e2e test by @haydentherapper in #2247
  - update kind to use release v0.15.0 and some version comments by @cpanato in #2246
  - Fix e2e test failure, add test for local bundle without rekor bundle by @haydentherapper in #2248
  - fix: fix secret test, non-experimental bundle should pass by @asraa in #2249
- updated to 1.11.1
  - add stale workflow using the workflow template by @cpanato in #2175
  - Update Scorecard action to v2:alpha by @azeemshaikh38 in #2177
  - add release cadence section in the readme by @cpanato in #2179
  - feat: Rework fig autocomplete command by @dirien in #2187
  - fix: fix typo that caused attestation verification failure by @asraa in #2199
- updated to 1.11.0
  - Verify the certificate chain against the Fulcio root trust by default by @wata727 in #2139
  - Add notes to clarify registry use. by @bendory in #2145
  - Use TUF from scaffolding for validating cosign. by @vaikas in #2146
  - docs: clarify wording in spec about usage of certificate chain by @asraa in #2152
  - fix: fix blob verification output with sharded rekor tlogs by @asraa in #2157
  - fix: adds envelope hash to in-toto entries in tlog entry creation by @nkreiger in #2118
  - fix handling of verify-attestation types for URIs by @otms61 in #2159
  - fix oidc post-merge job by @cpanato in #2164
  - Remove third_party by @imjasonh in #2166
  - use updated device flow logic with PKCE by @bobcallaway in #2163
Comments 0
openSUSE Build Service is sponsored by
Places