cosign
https://github.com/sigstore/cosign
Cosign aims to make signatures invisible infrastructure.
Cosign supports:
- Hardware and KMS signing
- Bring-your-own PKI
- Our free OIDC PKI (Fulcio)
- Built-in
- Devel package for openSUSE:Factory
-
3
derived packages
- Links to openSUSE:Factory / cosign
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout security/cosign && cd $_
- Create Badge
Refresh
Refresh
Source Files
Filename | Size | Changed |
---|---|---|
_service | 0000000127 127 Bytes | |
cosign-2.2.4.tar.gz | 0000840586 821 KB | |
cosign.changes | 0000047499 46.4 KB | |
cosign.spec | 0000004128 4.03 KB | |
vendor.tar.zst | 0013248402 12.6 MB |
Revision 38 (latest revision is 41)
Marcus Meissner (msmeissn)
accepted
request 1167810
from
Marcus Meissner (msmeissn)
(revision 38)
- updated to 2.2.4 (jsc#SLE-23879) * Bug Fixes * Fixes for GHSA-88jx-383q-w4qc and GHSA-95pr-fxf5-86gv (#3661) - CVE-2024-29902: Malicious attachments can cause system-wide denial of service (bsc#1222835) - CVE-2024-29903: Malicious artifects can cause machine-wide denial of service (bsc#1222837) * ErrNoSignaturesFound should be used when there is no signature attached to an image. (#3526) * fix semgrep issues for dgryski.semgrep-go ruleset (#3541) * Honor creation timestamp for signatures again (#3549) * Features * Adds Support for Fulcio Client Credentials Flow, and Argument to Set Flow Explicitly (#3578) * Documentation * add oci bundle spec (#3622) * Correct help text of triangulate cmd (#3551) * Correct help text of verify-attestation policy argument (#3527) * feat: add OVHcloud MPR registry tested with cosign (#3639)
Comments 0