cosign
https://github.com/sigstore/cosign
Cosign aims to make signatures invisible infrastructure.
Cosign supports:
- Hardware and KMS signing
- Bring-your-own PKI
- Our free OIDC PKI (Fulcio)
- Built-in
- Developed at security
- Sources inherited from project openSUSE:Factory
-
2
derived packages
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout openSUSE:Factory:zSystems/cosign && cd $_ - Create Badge
Refresh
Refresh
Source Files
| Filename | Size | Changed |
|---|---|---|
| _service | 0000000127 127 Bytes | |
| cosign-2.2.4.tar.gz | 0000840586 821 KB | |
| cosign.changes | 0000047301 46.2 KB | |
| cosign.spec | 0000002139 2.09 KB | |
| vendor.tar.zst | 0013248402 12.6 MB |
Latest Revision
Ana Guerrero (anag+factory)
accepted
request 1167811
from
Marcus Meissner (msmeissn)
(revision 20)
- updated to 2.2.4 (jsc#SLE-23879)
* Bug Fixes
* Fixes for GHSA-88jx-383q-w4qc and GHSA-95pr-fxf5-86gv (#3661)
- CVE-2024-29902: Malicious attachments can cause system-wide denial of service (bsc#1222835)
- CVE-2024-29903: Malicious artifects can cause machine-wide denial of service (bsc#1222837)
* ErrNoSignaturesFound should be used when there is no signature attached to an image. (#3526)
* fix semgrep issues for dgryski.semgrep-go ruleset (#3541)
* Honor creation timestamp for signatures again (#3549)
* Features
* Adds Support for Fulcio Client Credentials Flow, and Argument to Set Flow Explicitly (#3578)
* Documentation
* add oci bundle spec (#3622)
* Correct help text of triangulate cmd (#3551)
* Correct help text of verify-attestation policy argument (#3527)
* feat: add OVHcloud MPR registry tested with cosign (#3639) (forwarded request 1167810 from msmeissn)
Comments 0