Python Rekor Monitor

Verify your software using trusted supply chains.

Description

This repository uses Rekor API, a tool that helps improve security in software supply chains by providing immutable records of software build metadata. This repository includes code that interacts with Rekor's API and verifies the consistency using transparency logs.

Installation

Clone the repository:

git clone https://github.com/JacksonQu/Software-Supply-Chain-Security-Assignment1.git
cd Software-Supply-Chain-Security-Assignment1/

(Optional) Create a virtual environment:

python -m venv venv
source venv/bin/activate

Install dependencies:

pip install cryptography requests

Usage

Fetch a checkpoint of Rekor transparency log.

python main.py -c

Verify the artifact signature.

python main.py --inclusion {logIndex} --artifact {filepath}

Verify merkle tree consistency.

python main.py --consistency --tree-id {treeID} --tree-size {treeSize} --root-hash {hash}

Reference

Fork from mayank-ramnani/python-rekor-monitor-template
Rekor API Sepc

JacksonQu / Software-Supply-Chain-Security-Assignment1

readme

Python Rekor Monitor

Description

Installation

Usage

Reference