cosign
https://github.com/sigstore/cosign
Cosign aims to make signatures invisible infrastructure.
Cosign supports:
- Hardware and KMS signing
- Bring-your-own PKI
- Our free OIDC PKI (Fulcio)
- Built-in
- Sources inherited from project SUSE:SLE-15-SP4:GA
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout openSUSE:Leap:15.4:Update/cosign && cd $_ - Create Badge
Refresh
Refresh
Source Files
| Filename | Size | Changed |
|---|---|---|
| cosign-1.5.2.tar.gz | 0006597815 6.29 MB | |
| cosign.changes | 0000006562 6.41 KB | |
| cosign.spec | 0000002490 2.43 KB | |
| vendor.tar.bz2 | 0012909054 12.3 MB |
Latest Revision
Stefan Weiberg (suntorytimed)
committed
(revision 3)
- updated to 1.5.2:
- This release contains fixes for CVE-2022-23649, affecting signature
validations with Rekor. Only validation is affected, it is not necessary
to re-sign any artifacts. (bsc#1196239)
- updated to 1.5.1:
- Bump sigstore/sigstore to pick up oidc login for vault. (#1377)
- Bump google.golang.org/api from 0.65.0 to 0.66.0 (#1371)
- expose dafaults fulcio, rekor, oidc issuer urls (#1368)
- add check to make sure the go modules are in sync (#1369)
- README: fix link to race conditions (#1367)
- Bump cloud.google.com/go/storage from 1.18.2 to 1.19.0 (#1365)
- docs: verify-attestation cue and rego policy doc (#1362)
- Update verify-blob to support DSSEs (#1355)
- organize, update select deps (#1358)
- Bump go-containerregistry to pick up ACR keychain fix (#1357)
- Bump github.com/go-openapi/runtime from 0.21.0 to 0.21.1 (#1352)
- sync go modules (#1353)
Comments 0