Overview Repositories Revisions Requests Users Attributes Meta

cosign

Edit Package cosign
https://github.com/sigstore/cosign

Cosign aims to make signatures invisible infrastructure.

Cosign supports:

- Hardware and KMS signing
- Bring-your-own PKI
- Our free OIDC PKI (Fulcio)
- Built-in

  • Devel package for openSUSE:Factory
  • 3 derived packages
  • Links to openSUSE:Factory / cosign
  • Download package
  • osc -A https://api.opensuse.org checkout security/cosign && cd $_
  • Create Badge
Refresh
Refresh
Source Files
Filename Size Changed
_service 0000000127 127 Bytes
cosign-2.2.4.tar.gz 0000840586 821 KB
cosign.changes 0000047499 46.4 KB
cosign.spec 0000004128 4.03 KB
vendor.tar.zst 0013248402 12.6 MB
Revision 38 (latest revision is 41)
Marcus Meissner's avatar Marcus Meissner (msmeissn) accepted request 1167810 from Marcus Meissner's avatar Marcus Meissner (msmeissn) (revision 38) 
- updated to 2.2.4 (jsc#SLE-23879)
  * Bug Fixes
    * Fixes for GHSA-88jx-383q-w4qc and GHSA-95pr-fxf5-86gv (#3661)
      - CVE-2024-29902: Malicious attachments can cause system-wide denial of service (bsc#1222835)
      - CVE-2024-29903: Malicious artifects can cause machine-wide denial of service (bsc#1222837)
    * ErrNoSignaturesFound should be used when there is no signature attached to an image. (#3526)
    * fix semgrep issues for dgryski.semgrep-go ruleset (#3541)
    * Honor creation timestamp for signatures again (#3549)
  * Features
    * Adds Support for Fulcio Client Credentials Flow, and Argument to Set Flow Explicitly (#3578)
  * Documentation
    * add oci bundle spec (#3622)
    * Correct help text of triangulate cmd (#3551)
    * Correct help text of verify-attestation policy argument (#3527)
    * feat: add OVHcloud MPR registry tested with cosign (#3639)
Comments 0
openSUSE Build Service is sponsored by
Places