cosign
https://github.com/sigstore/cosign
Cosign aims to make signatures invisible infrastructure.
Cosign supports:
- Hardware and KMS signing
- Bring-your-own PKI
- Our free OIDC PKI (Fulcio)
- Built-in
- Developed at security
- Sources inherited from project openSUSE:Factory
-
2
derived packages
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout openSUSE:Factory:zSystems/cosign && cd $_
- Create Badge
Refresh
Refresh
Source Files
Filename | Size | Changed |
---|---|---|
_service | 0000000127 127 Bytes | |
cosign-2.0.0.tar.gz | 0006654819 6.35 MB | |
cosign.changes | 0000037213 36.3 KB | |
cosign.spec | 0000002344 2.29 KB | |
vendor.tar.zst | 0012267745 11.7 MB |
Revision 13 (latest revision is 20)
Dominique Leuenberger (dimstar_suse)
accepted
request 1067999
from
Marcus Meissner (msmeissn)
(revision 13)
- update to 2.0.0 (jsc#SLE-23879) Breaking Changes: * insecure-skip-tlog-verify: rename and adapt the cert expiration check (#2620) * Deprecate --certificate-email flag. Make --certificate-identity and -… (#2411) Enhancements: * Change go module name to github.com/sigstore/cosign/v2 for Cosign 2.0 (#2544) * Allow users to pass in a path for the --identity-token flag (#2538) * Breaking change: Respect tlog-upload=false, default to true (#2505) * Support outputing a certificate without uploading to the tlog (#2506) * Attestation/Blob signing and verification using a RFC3161 time-stamping server (#2464) * respect tlog-upload flag with TSA (#2474) * Better feedback if specifying incompatible argument on cosign sign --attachment (#2449) * Support TSA and Rekor verifications (#2463) * add support for tsa signing and verification of images (#2460) * cosign policy sign: remove experimental flag and make keyless signing default (#2459) * Remove experimental mode from cosign attest and verify-attestation (#2458) * Remove experimental mode from sign-blob and verify-blob (#2457) * Add --offline flag to force offline verification (#2427) * Air gap support (#2299) * Breaking change: Change SCT verification behavior to default to enforcement (#2400) * Breaking change: remove --force flag from sign and attest and rely on --yes flag to skip confirmation (#2399) * Breaking change: replace --no-tlog-upload flag with --tlog-upload flag (#2397) * Remove experimental flag from cosign sign and cosign verify (#2387) * verify: remove SIGSTORE_TRUST_REKOR_API_PUBLIC_KEY test env var for using a key from rekor's API (#2362) * Add warning to use digest instead of tags to other cosign commands (#2650) * Fix up UI messages (#2629) * Remove hardcoded Fulcio from output (#2621) * Fix missing privacy statement, print in multiple locations (#2622) * feat: allows custom key names for import-key-pair (#2587) * feat: support keyless verification for verify-blob-attestation (#2525) (forwarded request 1067997 from msmeissn)
Comments 0