project that tests cosign and the rekor api

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for dipto718 from gravatar.com dipto718

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT)
  • Author: dipto718
  • Requires: Python <4.0, >=3.12
Classifiers
Report project as malware

Project description

Software Supply Chain HW Description

To build this project I downloaded the template from github.com/mayank-ramnani/python-rekor-monitor-template and then filled in the missing areas. This project essentially tests multiple aspects of both cosign and rekor transparency log by making sure that an example artifact was signed succesfully and that its signature was uploaded succesfully to the rekor transparency log.

Usage Instructions

To use the project one only needs to first make their own artifact, it can be anything but I'll use artifact.md in the instructions. It must then be signed with the command "cosign sign-blod artifact.md --bundle artifact.bundle". Now to use the project you just need to enter "python main.py" along with the appropriate command afterwards for the action you are doing. For example, "python main.py -c" would get the latest entry from the rekor transparency log.

Installation instructions

To run the project itself, only cosign and python need to be installed.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for dipto718 from gravatar.com dipto718

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT)
  • Author: dipto718
  • Requires: Python <4.0, >=3.12
Classifiers

Release history Release notifications | RSS feed

This version

3.0.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

software_supply_chain_hw_1-3.0.0.tar.gz (6.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

software_supply_chain_hw_1-3.0.0-py3-none-any.whl (8.1 kB view details)

Uploaded Python 3

File details

Details for the file software_supply_chain_hw_1-3.0.0.tar.gz.

File metadata

  • Download URL: software_supply_chain_hw_1-3.0.0.tar.gz
  • Upload date:
  • Size: 6.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/2.2.1 CPython/3.12.3 Linux/6.14.0-36-generic

File hashes

Hashes for software_supply_chain_hw_1-3.0.0.tar.gz
Algorithm Hash digest
SHA256 47c9781091e04eaedc8ca132f6d838881f2faee2940a90d0835cc4ed0cebb748
MD5 3455bb7f95331701628502fa98079690
BLAKE2b-256 088568aac99cdc9604f46f9e353c319ebe7194a96cdb977193d112251af84935

See more details on using hashes here.

File details

Details for the file software_supply_chain_hw_1-3.0.0-py3-none-any.whl.

File metadata

File hashes

Hashes for software_supply_chain_hw_1-3.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 d9c251cb71c72679079484495297d9833d1a5ba60e2dd39ed1b6b823d296bf2b
MD5 6c208d593819e38b130f1518cf77c8f2
BLAKE2b-256 fc12f6939009543c4bd3f061935fb9372ef5d195971d6ec37ea49d1414ad96a3

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page