scitt-ccf-ledger
Supply Chain Integrity Transparency and Trust ledger application using Confidential Consortium Framework (CCF)
MIT License
Bot releases are visible (Hide)
Published by github-actions[bot] about 1 month ago
What's Changed
- Use PEM parsing provided in pycose library by @ivarprudnikov in https://github.com/microsoft/scitt-ccf-ledger/pull/218
- Fixes pretty-receipt command for COSE envelopes with embedded receipts by @ivarprudnikov in https://github.com/microsoft/scitt-ccf-ledger/pull/219
- Remove unused prefix tree support by @ivarprudnikov in https://github.com/microsoft/scitt-ccf-ledger/pull/216
- Bump the pip cryptography to 43 and ccf to 5.0.4 by @dependabot in https://github.com/microsoft/scitt-ccf-ledger/pull/220
- Azure DevOps to use private feeds for Python deps by @ivarprudnikov in https://github.com/microsoft/scitt-ccf-ledger/pull/221
- CLI: extract payload from COSE envelopes by @ivarprudnikov in https://github.com/microsoft/scitt-ccf-ledger/pull/222
New Contributors
- @dependabot made their first contribution in https://github.com/microsoft/scitt-ccf-ledger/pull/220
Full Changelog: https://github.com/microsoft/scitt-ccf-ledger/compare/0.9.0...0.9.1
What's Changed
- Updating URL from ccf.dev by @heidihoward in https://github.com/microsoft/scitt-ccf-ledger/pull/204
- Add configurable policy via sandboxed JS execution by @eddyashton in https://github.com/microsoft/scitt-ccf-ledger/pull/203
- did:x509 issuer support in IETF profile by @achamayou in https://github.com/microsoft/scitt-ccf-ledger/pull/206
- Allow svn parameter in the protected header by @achamayou in https://github.com/microsoft/scitt-ccf-ledger/pull/209
- example policy script and how to configure the application in dev by @ivarprudnikov in https://github.com/microsoft/scitt-ccf-ledger/pull/210
- Adds SGX build using custom 1ES GitHub SGX pool by @ivarprudnikov in https://github.com/microsoft/scitt-ccf-ledger/pull/213
- New cli argument allowing to specify receipt type to get after submission by @ivarprudnikov in https://github.com/microsoft/scitt-ccf-ledger/pull/212
- Accept CWT_Claims in envelopes, and expose them to policy by @achamayou in https://github.com/microsoft/scitt-ccf-ledger/pull/211
- Resolve Codeql complaints by @ivarprudnikov in https://github.com/microsoft/scitt-ccf-ledger/pull/215
- Update build status badges on readme [ci skip] by @ivarprudnikov in https://github.com/microsoft/scitt-ccf-ledger/pull/214
- Preparation for release 0.9.0 by @andpiccione in https://github.com/microsoft/scitt-ccf-ledger/pull/217
New Contributors
- @heidihoward made their first contribution in https://github.com/microsoft/scitt-ccf-ledger/pull/204
- @eddyashton made their first contribution in https://github.com/microsoft/scitt-ccf-ledger/pull/203
Full Changelog: https://github.com/microsoft/scitt-ccf-ledger/compare/0.8.0...0.9.0
Published by github-actions[bot] 3 months ago
What's Changed
- Improve reproducibility steps by @ivarprudnikov in https://github.com/microsoft/scitt-ccf-ledger/pull/194
- Fix CBOR encoder buffer overflow for large claims by @andpiccione in https://github.com/microsoft/scitt-ccf-ledger/pull/196
- Update the CCF version to 5.0.0 by @maxtropets in https://github.com/microsoft/scitt-ccf-ledger/pull/200
- Fix the path to runtime version by @ivarprudnikov in https://github.com/microsoft/scitt-ccf-ledger/pull/201
- Update OneBranch pipeline by @maxtropetsin https://github.com/microsoft/scitt-ccf-ledger/pull/202
Full Changelog: https://github.com/microsoft/scitt-ccf-ledger/compare/0.7.2...0.8.0
Published by vimauro 5 months ago
What's Changed
- trigger test by @ivarprudnikov in https://github.com/microsoft/scitt-ccf-ledger/pull/190
- Migrate azure pipelines to one branch pipelines for PR builds by @ivarprudnikov in https://github.com/microsoft/scitt-ccf-ledger/pull/191
- Updated to CCF 4.0.17 by @vimauro in https://github.com/microsoft/scitt-ccf-ledger/pull/192
- Update changelog for ccf 4.0.17 by @vimauro in https://github.com/microsoft/scitt-ccf-ledger/pull/193
Full Changelog: https://github.com/microsoft/scitt-ccf-ledger/compare/0.7.1...0.7.2
Published by prathod09 7 months ago
What's Changed
- [Docs] Update readme with issues encountered and workaround by @sumitis14 in https://github.com/microsoft/scitt-ccf-ledger/pull/186
- Update to CCF 4.0.16 by @prathod09 in https://github.com/microsoft/scitt-ccf-ledger/pull/188
- Update changelog for ccf 4.0.16 by @prathod09 in https://github.com/microsoft/scitt-ccf-ledger/pull/189
New Contributors
- @sumitis14 made their first contribution in https://github.com/microsoft/scitt-ccf-ledger/pull/186
- @prathod09 made their first contribution in https://github.com/microsoft/scitt-ccf-ledger/pull/188
Full Changelog: https://github.com/microsoft/scitt-ccf-ledger/compare/0.7.0...0.7.1
Published by github-actions[bot] 7 months ago
What's Changed
- adds mrenclave to receipt header by @ivarprudnikov in https://github.com/microsoft/scitt-ccf-ledger/pull/176
- Fix demo links by @ivarprudnikov in https://github.com/microsoft/scitt-ccf-ledger/pull/180
- Simplifies CTS demo scripts, adds AKV example by @ivarprudnikov in https://github.com/microsoft/scitt-ccf-ledger/pull/182
- Update to CCF 4.0.15 by @andpiccione in https://github.com/microsoft/scitt-ccf-ledger/pull/184
- Update pyscitt CLI and demo scripts for claims verification scenarios by @andpiccione in https://github.com/microsoft/scitt-ccf-ledger/pull/183
Full Changelog: https://github.com/microsoft/scitt-ccf-ledger/compare/0.6.1...0.7.0
Published by github-actions[bot] 9 months ago
What's Changed
- docs: show how to configure accepted DID issuers by @ivarprudnikov in https://github.com/microsoft/scitt-ccf-ledger/pull/175
- Add more debug logs in the main SCITT controllers by @andpiccione in https://github.com/microsoft/scitt-ccf-ledger/pull/177
- Update to CCF 4.0.14 by @andpiccione in https://github.com/microsoft/scitt-ccf-ledger/pull/178
Full Changelog: https://github.com/microsoft/scitt-ccf-ledger/compare/0.6.0...0.6.1
Published by github-actions[bot] 9 months ago
What's Changed
- Update README with new pyscitt package by @andpiccione in https://github.com/microsoft/scitt-ccf-ledger/pull/170
- Update CCF constitution to be compatible with the new ccf.crypto package by @andpiccione in https://github.com/microsoft/scitt-ccf-ledger/pull/171
- Add sample scripts for signing SCITT claims with certificates in Azure Key Vault by @andpiccione in https://github.com/microsoft/scitt-ccf-ledger/pull/172
- Update CCF to 4.0.12 and add support for OpenSSL 3.x by @andpiccione in https://github.com/microsoft/scitt-ccf-ledger/pull/173
- Update CHANGELOG for upcoming 0.6.0 release by @andpiccione in https://github.com/microsoft/scitt-ccf-ledger/pull/174
Full Changelog: https://github.com/microsoft/scitt-ccf-ledger/compare/0.5.3...0.6.0
Published by github-actions[bot] 10 months ago
Published by github-actions[bot] 10 months ago
Published by github-actions[bot] 11 months ago
Published by github-actions[bot] 12 months ago
Added
Adds tag based workflow to build and release CLI (#161)
Add support for COSE signing in python clients and tests (#154)
Add utility scripts for demos and testing (#158)
Doc with steps to reproduce mrenclave (#153)
Adds new GitHub action to run unit tests (#146)
Add documentation to build and push docker images (#145)
Changes
Upgrade to CCF 4.0.7 (#156)
Defaults to did resolver if service params not passed when validating (#160)
Print MRENCLAVE after the docker build (#151)
Updated Azure Pipelines pool (#150)
Wait for cchost config to be available (#144)
Refactor perf tests (#143)
Switch the operations callback to use an indexing strategy. (#140)
Enhance devcontainer config (#139)
Don't store operation contexts in the KV. (#137)
Fixed
Fix security vulnerabilities related to cryptography package (#159)
Fix SCITT demo script (#142)
Fix load test (#138)
Published by letmaik over 1 year ago
Added
- Auth errors are now logged (#130).
- Output from the did:web resolution subprocess is now logged (#136).
- The service DID document is now also available at the well-known endpoint (#128).
Changes
- Update to CCF 3.0.9 (#136).
Published by letmaik over 1 year ago
Added
- Add documentation on configuration (#103).
- did:web resolution failures are now logged and returned to clients through the updated REST API (#125).
Changes
- Update to CCF 3.0.6 (#118).
- REST API has been updated to reflect changes in the IETF specificiation (#108). Note that this is a breaking change.
- Tighten certificate validation for X.509-based claim profiles (#104). Note that self-signed end-entity certificates are not supported anymore as trust anchors.
Fixed
- Fix a memory leak when generating receipts (#102).
- Fix a crash when decoding malformed X.509 certificates (#97).
- Fix decoding of non-string content type COSE header parameter (#97).
- Fix a use-after-free bug in the historic query LRU cache (#109).
Published by letmaik over 1 year ago
Changed
- Include all past service identities in the DID endpoint (#85).
Fixed
- Don't hardcode localhost in did:web resolver callback address (#92).
Published by letmaik over 1 year ago
Added
- Add support for Notary COSE profile (#73). Note that this is currently experimental and not supported by the IETF specifications that are being developed.
- Add support for
x-ms-request-id/x-ms-client-request-idcorrelation headers (#79). All log messages originating from the app include the request id and, if available, the client request id. Note that support for W3C Trace Context headers may be added in the future. - Emit log messages for each request (#79).
- Add
GET /scitt/did.jsonendpoint that returns a DID document of the service in support of resolvable service identifiers in receipts (#68). Note that this is still experimental and will likely change. For now, only the current service identity key is included in the DID document, which means that receipts issued with old identities cannot be validated yet. - Add option in
pyscittto sign governance proposals using Azure Key Vault (#54).
Changed
- Change test clients to not use
/appprefix when making API calls during testing (#64). Note that CCF started exposing app endpoints both at the root as well as the old/appprefix. It is recommended that clients remove the/appprefix. - Change
kidto be a relative DID URL by prefixing with#(#67). This is a breaking change in claims that use DIDs as issuers. - Enable authentication for read-only app endpoints (#78). Previously, only
POST /entriesused authentication. - Reduce
retry-afterresponse header value from 3 to 1 second for historical queries (#76).
Removed
- Remove the
/constitutionendpoint in favour of CCF's built-in/gov/kv/constitutionendpoint (#65). This endpoint is currently used inpyscittto patch an existing constitution.
Fixed
- Change the signature in receipts from ASN1/DER to IEEE encoding (#61). Note that this is a breaking change.
Published by letmaik almost 2 years ago
Added
- Add a
update_scitt_constitutiongovernance command to pyscitt (#3). This allows to update just the SCITT part of an existing constitution, leaving the rest intact. - Add
/app/constitutionendpoint to retrieve the current constitution (#3). - Add
/app/versionendpoint to retrieve release version (#42). This is equivalent to the git tag of the repository. - Extend configuration to restrict issuers (#13). By default, all issuers are allowed.
- Add experimental
issandkidfields to receipts (#35). To enable this, theservice_identifierfield has to be set in the SCITT-specific configuration. Note that the existingservice_idfield in receipts is still kept for now.
Changed
- Update to CCF 3.0.2 from 2.0.8 (#45). The QCBOR and t_cose libraries are now consumed from CCF itself.
- Update to pycose 1.0 (#34).
- Return a nice error instead of 500 when no prefix tree has been committed yet (#26).
Published by letmaik almost 2 years ago
Added
- Initial release.
