Data

Tools

Indexes

Applications

Experiments

Packages

An open API service providing package, version and dependency metadata of many open source software ecosystems and registries.

Top 1.1% on proxy.golang.org
Top 0.2% dependent packages on proxy.golang.org
Top 0.3% dependent repos on proxy.golang.org
Top 2.4% forks on proxy.golang.org
Top 0.2% docker downloads on proxy.golang.org

proxy.golang.org : github.com/sigstore/rekor

Software Supply Chain Transparency Log

Registry - Source - Documentation - JSON
purl: pkg:golang/github.com/sigstore/rekor
Keywords: provenance , security , supply-chain , transparency-log
License: Apache-2.0
Latest release: about 2 months ago
First release: almost 5 years ago
Namespace: github.com/sigstore
Dependent packages: 496
Dependent repositories: 789
Stars: 1,006 on GitHub
Forks: 183 on GitHub
Docker dependents: 412
Docker downloads: 458,868,950
Total Commits: 1586
Committers: 77
Average commits per author: 20.597
Development Distribution Score (DDS): 0.465
More commit stats: commits.ecosyste.ms
See more repository details: repos.ecosyste.ms
Last synced: about 24 hours ago

Moderate
GSA_kwCzR0hTQS1mcnF4LWpmY20tNmpqcs4AAzfX
malformed proposed intoto entries can cause a panic
Ecosystems: go
Packages: github.com/sigstore/rekor
Source: github
Published: over 2 years ago
High
GSA_kwCzR0hTQS0yaDVoLTU5ZjUtYzV4Oc4AAzEu
Rekor's compressed archives can result in OOM conditions
Ecosystems: go
Packages: github.com/sigstore/rekor
Source: github
Published: over 2 years ago