-
**Description**
[Noted here:](https://github.com/sigstore/rekor-monitor/blob/48375db9da425b4d9985ca13cb9f854b4f59439d/pkg/rekor/identity.go#L65)- currently, the MonitoredValues struct has separate …
-
I was chatting with @woodruffw about how SLSA interacts with Sigstore, and he pointed out that a lot of the information in SLSA provenance is already present in Fulcio certificates (see https://github…
kpk47 updated
8 months ago
-
Thanks to @EthanHeilman for the idea and sketch of how it might work.
Proof of concept plan:
1. Write/find code for [GQ signatures](https://crypto.stackexchange.com/questions/16015/proving-the-p…
-
Captured from PRs
* [ ] Integration tests for https://github.com/containers/image/pull/1595
* [ ] Integration tests for https://github.com/containers/image/pull/1597
* [ ] Integration tests fo…
-
I think these are all fine as incremental improvements. If I'm allowed to dream big:
--------------------------------------------------------------------------------
My overall philosophy here i…
-
**Description**
See https://github.com/sigstore/fulcio/issues/955
The same goes for email: emails could be reused. For instance, suppose someone drops their gmail account, and somebody else creates …
-
Hi @mayaCostantini , the guide which you wrote is very helpful for local sigstore setup.
I have configured the keycloak and fulcio as mentioned, but Im getting the below error.
main.go:74: error…
-
**Docs Improvement**
TL;DR - I would like to get involved Sigstore and help improve documentation with a focus on the installation and configuration of each component.
**Intro**
Hi all, I pri…
-
**Description**
This will require a change to upstream sigstore/sigstore and then we can call the function to get rekor pubs from sigstore's root.
cc @imjasonh @haydentherapper
asraa updated
2 years ago
-
Looking at https://github.com/ossf/scorecard-webapp/tree/f55dfbf0ddc1620a716f571636569e01e2e222c5/app/server, it appears that the Sigstore trust root metadata, `rekor.pub` and `fulcio_v1.crt` and the …