Metadata-Version: 2.4
Name: software-supply-chain-hw-1
Version: 3.0.0
Summary: project that tests cosign and the rekor api
License: MIT
License-File: LICENSE
Author: dipto718
Author-email: ssd410@nyu.edu
Requires-Python: >=3.12,<4.0
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Programming Language :: Python :: 3.14
Requires-Dist: autodocstring (>=0.1.2,<0.2.0)
Requires-Dist: bandit (>=1.9.2,<2.0.0)
Requires-Dist: black (>=25.11.0,<26.0.0)
Requires-Dist: cryptography (>=46.0.3,<47.0.0)
Requires-Dist: cyclonedx-bom (>=7.2.1,<8.0.0)
Requires-Dist: flake8 (>=7.3.0,<8.0.0)
Requires-Dist: jsonschema (>=4.25.1,<5.0.0)
Requires-Dist: mypy (>=1.18.2,<2.0.0)
Requires-Dist: pylint (>=4.0.3,<5.0.0)
Requires-Dist: pytest (>=9.0.1,<10.0.0)
Requires-Dist: pytest-cov (>=7.0.0,<8.0.0)
Requires-Dist: requests (>=2.32.5,<3.0.0)
Requires-Dist: ruff (>=0.14.6,<0.15.0)
Description-Content-Type: text/markdown

# Software Supply Chain HW Description
To build this project I downloaded the template from
github.com/mayank-ramnani/python-rekor-monitor-template
and then filled in the missing areas.
This project essentially tests multiple aspects of both
cosign and rekor transparency log by making sure that an
example artifact was signed succesfully and that its
signature was uploaded succesfully to the rekor
transparency log.
# Usage Instructions
To use the project one only needs to first make their
own artifact, it can be anything but I'll use artifact.md
in the instructions. It must then be signed with the command
"cosign sign-blod artifact.md --bundle artifact.bundle".
Now to use the project you just need to enter "python
main.py" along with the appropriate command afterwards
for the action you are doing. For example, "python main.py
-c" would get the latest entry from the rekor transparency log.
# Installation instructions
To run the project itself, only cosign and python need
to be installed.

