rekor

Definition

Rekor is an open-source transparency log service designed to enhance the security of software supply chains. It records metadata about software artifacts, such as signatures and checksums, in an immutable, append-only log. This enables users to verify the integrity and authenticity of software components by cross-referencing the log entries, thus providing a mechanism to detect tampering or unauthorized modifications.
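How an append-only log makes tampering detectable, as an added example (not Rekor's own code): Rekor's log is a Merkle tree with RFC 6962 hashing, so a client can check one entry against a trusted root hash using a short inclusion proof. The entries in LOG are constructed sample data and the function names are illustrative.

```python
import hashlib

def leaf_hash(entry):   # RFC 6962 domain separation: 0x00 prefix for leaves
    return hashlib.sha256(b"\x00" + entry).digest()

def node_hash(left, right):   # 0x01 prefix for interior nodes
    return hashlib.sha256(b"\x01" + left + right).digest()

def _split(n):   # largest power of two strictly less than n (n >= 2)
    return 1 << ((n - 1).bit_length() - 1)

def merkle_root(entries):
    if not entries:
        raise ValueError("empty log")
    if len(entries) == 1:
        return leaf_hash(entries[0])
    k = _split(len(entries))
    return node_hash(merkle_root(entries[:k]), merkle_root(entries[k:]))

def inclusion_proof(entries, index):
    """Log side: sibling hashes on the path from leaf `index` up to the root."""
    if len(entries) == 1:
        return []
    k = _split(len(entries))
    if index < k:
        return inclusion_proof(entries[:k], index) + [merkle_root(entries[k:])]
    return inclusion_proof(entries[k:], index - k) + [merkle_root(entries[:k])]

def _fold(h, index, size, path):
    """Client side: recompute the root from one leaf hash and its proof."""
    if size == 1 or not path:
        if size != 1 or path:
            raise ValueError("proof length does not match tree size")
        return h
    k = _split(size)
    if index < k:
        return node_hash(_fold(h, index, k, path[:-1]), path[-1])
    return node_hash(path[-1], _fold(h, index - k, size - k, path[:-1]))

def verify_inclusion(entry, index, size, path, trusted_root):
    if not 0 <= index < size:
        return False
    try:
        return _fold(leaf_hash(entry), index, size, path) == trusted_root
    except ValueError:   # malformed proof is a verification failure
        return False

# Constructed sample entries standing in for artifact digest + signature records
LOG = [f"sha256:constructed-digest-{i} sig:constructed-{i}".encode() for i in range(7)]
ROOT = merkle_root(LOG)
```

A modified entry, a wrong index or a truncated proof all yield a different root, so verification fails without the client downloading the whole log.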

Secure Settings Example

apiVersion: v1
kind: ConfigMap
metadata:
  name: rekor-config
data:
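  rekorServer: "https://rekor.example.com"  # HTTPS endpoint
  logLevel: "info"                           # routine logging, no debug detail
  enableTLS: "true"                          # encrypt traffic to and from the log
  tlsCertFile: "/etc/rekor/tls.crt"          # certificate path
  tlsKeyFile: "/etc/rekor/tls.key"           # private key path (the key itself is not in the ConfigMap)
  allowAnonymousRead: "false"                # anonymous reads disabled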

Insecure Settings Example

apiVersion: v1
kind: ConfigMap
metadata:
  name: rekor-config
data:
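  rekorServer: "http://rekor.example.com"  # plaintext HTTP endpoint
  logLevel: "debug"                         # verbose debug logging
  enableTLS: "false"                        # traffic is unencrypted; no certificate or key configured
  allowAnonymousRead: "true"                # anonymous reads allowed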