rekor
Safeguard articles tagged "rekor" — guides, analysis, and best practices for software supply chain and application security.
4 articles
Rekor transparency log
What is Rekor? It's the public, immutable transparency log at the heart of Sigstore that records software signing events for tamper-evident verification.
Sigstore Rekor Transparency Log Deep Dive 2026
How Rekor actually works in 2026, the trade-offs of the current Merkle tree design, witness diversity, and the operational realities of verifying inclusion at scale.
Sigstore Rekor Transparency Log Operations
Rekor is the transparency log behind Sigstore, and understanding its operational model matters more than most teams realise. Here is how we run against it in production.
How to Set Up Sigstore in Your Build Pipeline
Wire Sigstore into GitHub Actions end-to-end: OIDC identity, Cosign signing, Rekor transparency, and policy-controller enforcement — with working snippets.