Rekor Monitor

Project Description

This program verifies inclusion of artifact entries in a public transparency log, Rekor. It also can verify that the correct signature is present in the transparency log or verify the consistency between older and latest checkpoints.

Usage Instructions

supply-chain-rekor-monitor -c

supply-chain-rekor-monitor --inclusion 123456789 --artifact artifact.md

supply-chain-rekor-monitor --consistency --tree-id TREE_ID --tree-size TREE_SIZE --root-hash ROOT_HASH

Installation Steps

git clone https://github.com/cp-57/supply-chain-security.git

Dependencies

This program relies on the following libraries:

argparse: for parsing command-line arguments
cryptography: for handling public key extraction and signature verification
requests: for interacting with Rekor's api

Name		Name	Last commit message	Last commit date
Latest commit History 66 Commits
.github/workflows		.github/workflows
supply_chain_rekor_monitor		supply_chain_rekor_monitor
tests		tests
.coverage		.coverage
.gitignore		.gitignore
.pre-commit-config.yaml		.pre-commit-config.yaml
README.md		README.md
checkpoint.json		checkpoint.json
cyclonedx-sbom.json		cyclonedx-sbom.json
poetry.lock		poetry.lock
pyproject.toml		pyproject.toml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Rekor Monitor

Project Description

Usage Instructions

Installation Steps

Dependencies

About

Uh oh!

Releases 3

Packages

Uh oh!

Uh oh!

Contributors

Uh oh!

Languages

Folders and files

Latest commit

History

Repository files navigation

Rekor Monitor

Project Description

Usage Instructions

Installation Steps

Dependencies

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases 3

Packages 0

Uh oh!

Uh oh!

Contributors

Uh oh!

Languages

Packages