rekor
rekor copied to clipboard
sigstore
Software Supply Chain Transparency Log
Related to the following in k8s release SIG : https://github.com/kubernetes/release/issues/1837#issuecomment-777076220 Explore inclusion of SPDX manifests (XML :frowning: ) , namely: * What sort of values would be critical (place in...
We could make some other types of (UNTRUSTED) feeds available to simplify integrations. * All entries could get sent to a public pubsub/kafka topic for others to use. * All...
There might be a few already we can pull from in the Trillian examples. It could be as simple as a bash for loop that tails one log with `rekor-cli...
Signed-off-by: Priya Wadhwa ref https://github.com/sigstore/rekor/issues/1005 #### Summary #### Release Note #### Documentation
**Description** I think Trillian is fairly heavy-weight, and the verify pkg shouldn't include too many external deps. This is preventing its usage in sigstore/cosign; a draft PR with the changes...
#### Summary Refactoring e2e tests. There will be multiple PRs to move the e2e to specific folders. Some code is duplicated up until all the e2e code is refactored. https://github.com/sigstore/rekor/issues/1075...
We're seeing this error in a non-trivial number of our e2e test runs w/ [slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator). ``` &{0 } (*models.Error) is not supported by the TextConsumer, can be resolved by supporting...
Can rekor be run at the edge and use something like workers.dev and a data store to enhance resiliency as scale is achieved? Serverless rekor?? @Cloudflare
Pre-release is out! We want to release Rekor 1.0 at 45f17ce35901b0439c468f248b7121de001eb7da to include a change to rekor-cli which wasn't included in the pre-release. A tracking issue for Rekor 1.0 Items...
It is unpleasant to have to iterate through inactiveShards as a rekor client to find the tree head of a given shard. I think the aim was that rekor clients...