rekor
rekor copied to clipboard
sigstore
Software Supply Chain Transparency Log
This relates to the sharding work, ex. #487 . There are many places in the code that refer to a UUID. However, the new, longer UUID is called an "EntryID"...
**Description** Expanding on https://github.com/sigstore/rekor/issues/592, it is not enough to just produce CloudEvents, we could implement the [CloudEvents HTTP Webhook](https://github.com/cloudevents/spec/blob/v1.0.1/http-webhook.md), allowing folks to stop polling the REST endpoints with active pushes...
Currently the in-toto type does not contain any signatures. This prevents users of in-toto records from verifying attestations that are stored in rekor's attestation stores. Additionally, the IntotoObj.content.hash refers to...
**Description** To build efficient monitoring tooling it would be very nice to support an eventing / streaming API. Cloud events was mentioned as a potential avenue for this functionality @bobcallaway
Please feel free to correct, if I haven't gotten this right: I assume, if a client queries the ledger to verify a signature e.g. for a specific signature of a...
We should update deployment guides and include new features such as types available (jar) and timestamping.
We could send some patches upstream, or build these ourselves. We don't really need them to come from upstream, it's just convenience. It's not even clear they intend for these...
**TL;DR:** We propose signing the tlog entities using GPG to verify source of truth --- **Description** If we sign a file using [keyless](https://github.com/sigstore/cosign/blob/main/KEYLESS.md) mode with cosign, we [upload](https://github.com/sigstore/cosign/blob/2ad95b34299b6e4f5fa32f1e161ce0b670b7c47a/cmd/cosign/cli/sign/sign_blob.go#L94) a tlog...
**Description** Rekor could expose a gRPC endpoint along with REST which will help with performance #481 to publish large binaries
Currently, the API only supports searching by a single parameter. I would like to be able to give the API a list of hashes and to return all of the...
