Skip to content

feat(rekor-v2): unify provenance metadata schema and add OCI-based RVPS verification path#163

Open
jialez0 wants to merge 1 commit intoopenanolis:mainfrom
jialez0:jialez0
Open

feat(rekor-v2): unify provenance metadata schema and add OCI-based RVPS verification path#163
jialez0 wants to merge 1 commit intoopenanolis:mainfrom
jialez0:jialez0

Conversation

@jialez0
Copy link
Collaborator

@jialez0 jialez0 commented Mar 18, 2026

Add end-to-end Rekor v2 support across generator, RVPS, client, and release workflow. Standardize provenance metadata to sourceBundle + dsseEnvelope (+ rekorEntryV2).

Add OCI provenance fetch/parse in RVPS and enforce DSSE-Rekor digest consistency checks. Introduce a v2 audit script with checkpoint signature, inclusion proof, and append-only verification. Update challenge-client args plus API/docs to align with provenance_source fields and release-asset flow.

@jialez0
feat(rekor-v2): unify provenance metadata schema and add OCI-based RV…
3941ec8 
…PS verification path

Add end-to-end Rekor v2 support across generator, RVPS, client, and release workflow.
Standardize provenance metadata to sourceBundle + dsseEnvelope (+ rekorEntryV2).

Add OCI provenance fetch/parse in RVPS and enforce DSSE-Rekor digest consistency checks.
Introduce a v2 audit script with checkpoint signature, inclusion proof, and append-only verification.
Update challenge-client args plus API/docs to align with provenance_source fields and release-asset flow.

Signed-off-by: Jiale Zhang <zhangjiale@linux.alibaba.com>
@shankailun-aliyun
Copy link
Collaborator

shankailun-aliyun commented Mar 18, 2026

@jialez0 ,您好,您的请求已接收,请耐心等待结果。

@shankailun-aliyun
Copy link
Collaborator

shankailun-aliyun commented Mar 18, 2026

@jialez0 ,您好,未检测到有镜像需要构建,如需重新检测请评论 /start

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jialez0 @shankailun-aliyun