rekor
rekor copied to clipboard
sigstore
Software Supply Chain Transparency Log
#### Summary This PR adds a new type that represents a generic package from a package manager. #### Ticket Link Fixes #804 #### Release Note ```release-note TODO ```
#### Summary Adds a DSSE type that validated each signature on the envelope. If the payload is an in-toto statement all in-toto subjects will be indexed. The hash of the...
There are a few Rekor use cases that involve making a bunch of related signatures in a row. These include: - [GitSign](https://github.com/sigstore/gitsign) (CC @wlynch): during a rebase you may need...
**Description** Currently if I provide multiple search flags to `rekor-cli search`, I get the union of results with those individual terms (without duplicates removed): ``` $ rekor-cli search --sha `sha256sum...
Rekor indexes its entries on identities, such as emails. On GitHub, identities may be users (email, username) or workflows/re-usable workflows. So it would be great to index on these too....
Right now, sharding the log requires about 10-20 minutes of downtime. Sharding process currently looks like this: 1. Create a new trillian tree 2. Mark the current tree as frozen...
***Note*: this is targeted at a feature branch, not main. I intend to continue to refine the gRPC work in a branch until we get it ready to merge over...
**Description** Currently, we must manually update the timestamping authority certificate chain every 6 months. Additionally, each instance of Rekor generates its own signing certificate on startup, so it is difficult...
I'm trying to record the pgp signature of the QubesOS iso in rekor. The system seems to run out of memory (despite having 64gb and the iso only being 5.2gb)....
The shard config data should be a (strict or not) subset of actual shards. That is, it should not contain any treeIDs that don't exist in trillian in reality. We...
