Skip to content
Snippets Groups Projects
Select Git revision
  • evidentia default
  • wip
  • main protected
  • v0.9.1
  • v0.9.0
  • v0.8.2
  • v0.8.1
  • v0.8.0
  • v0.7.0
  • v0.6.0
  • v0.5.0
  • v0.4.0
  • v0.3.0
  • v0.2.0
  • v0.1.1
  • v0.1.0
16 results
Compare
user avatar
Remove API key from path to new log entry (#185)
Bob Callaway authored 
Since the API key can be specified as an environment variable and could
be thought of as an authentication credential, it should not be included
in the path to the created entry in the log.

Previously we simply appended the new entry's UUID to the full URL,
which was incorrect if an API key was specified as a query parameter.

Fixes #182

Signed-off-by: default avatarBob Callaway <bcallawa@redhat.com>
b0eae9b8
History
user avatar b0eae9b8
History
Name Last commit Last update
.github
cmd
config
pkg
scripts
tests
.gitattributes
.gitignore
CODE_OF_CONDUCT.md
CONTRIBUTORS.md
COPYRIGHT.txt
Dockerfile
LICENSE
MAINTAINERS.md
Makefile
OWNERS.md
README.md
docker-compose.debug.yml
docker-compose.yml
go.mod
go.sum
openapi.yaml
rekor-server.yaml
README.md

Rekor

Rekór - Greek for “Record”

Rekor's goals are to provide an immutable tamper resistant ledger of metadata generated within a software projects supply chain. Rekor will enable software maintainers and build systems to record signed metadata to an immutable record. Other parties can then query said metadata to enable them to make informed decisions on trust and non-repudiation of an object's life-cycle. For more details visit the rekor website

The Rekor project provides a restful API based server for validation and a transparency log for storage. A CLI application is available to make and verify entries, query the transparency log for inclusion proof, integrity verification of the transparency log or retrieval of entries by either public key or artifact.

For more details on setting up a server, visit the following link

For details on CLI usage, visit the following link

If you're interesting in integration with rekor, we have an OpenAPI swagger editor

A public instance of rekor can be found at api.rekor.dev

Rekor allows customized manifests (which term them as types), type customization is outlined here.

Contributions

Rekor is still in its early phase of development, so we welcome contributions from anyone.