Rekor is an append-only, transparency log that provides an immutable record of software signing events. It stores signed metadata—including signatures, certificates, and attestations—in a Merkle tree data structure, generating a verifiable root hash that makes retroactive tampering or log manipulation computationally infeasible. This architecture ensures non-repudiation, proving that a specific artifact was signed at a specific point in time.
Glossary
Rekor

What is Rekor?
Rekor is the immutability and transparency log service within the Sigstore project that stores cryptographically verifiable records of software signatures, enabling users to audit and verify that an artifact was signed and included in the public ledger.
As a core component of the Sigstore ecosystem, Rekor works alongside Fulcio (the certificate authority) to enable keyless signing workflows. When a developer signs an artifact, the signature and ephemeral certificate are uploaded to Rekor, creating a publicly auditable entry. Monitors can then query the log to verify inclusion proofs, ensuring that no signed artifact exists outside the public record and enabling detection of unauthorized signing events.
Key Features of Rekor
Rekor provides the immutable, verifiable ledger that underpins the Sigstore ecosystem, ensuring every software signature is publicly auditable and cryptographically undeniable.
Append-Only Immutability
Rekor operates as a Write-Once-Read-Many (WORM) data store. Once an entry is recorded in the log, it cannot be modified, deleted, or reordered without detection. This is enforced through a cryptographically verifiable Merkle Tree structure, where each new entry strengthens the integrity of all previous entries by incorporating their hashes into a new root hash. Any attempt to retroactively alter a historical record would invalidate the entire tree structure, making tampering mathematically evident to any auditor.
Cryptographic Verifiability
Rekor enables offline and online verification of the inclusion and consistency of entries without requiring trust in the log operator. It achieves this through:
- Inclusion Proofs: Verifies that a specific entry exists within the log.
- Consistency Proofs: Verifies that a newer version of the log is a valid extension of an older version, preventing a malicious operator from forking the history. These proofs are lightweight and can be generated and verified by any client, ensuring that the monitoring of software supply chain integrity is not centralized.
Timestamping and Non-Repudiation
Every entry in Rekor is assigned a verified timestamp, providing a critical property of non-repudiation. This proves that a software artifact existed and was signed before a specific moment, which is essential for:
- Vulnerability Response: Determining if a build occurred before or after a vulnerability was disclosed.
- Compliance Audits: Demonstrating to regulators that a specific artifact was the one approved for deployment at a given time. The timestamp is integrated into the log's Merkle Tree, making it immutable and globally verifiable.
Public Auditability and Ecosystem Trust
The primary function of Rekor is to act as a public, community-operated audit log. By making the act of signing transparent, it enables a 'trust but verify' model for the entire open-source ecosystem. A user running a container image can check Rekor to confirm:
- The signature was valid at the time of signing.
- The signing identity matches the expected publisher.
- The artifact has not been signed by an unexpected or malicious actor. This global visibility deters malicious signing and enables rapid detection of compromised identities.
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Frequently Asked Questions
Clear answers to common questions about Rekor's role in the Sigstore ecosystem, its cryptographic guarantees, and how it enables auditable, tamper-proof software supply chains.
Rekor is the immutability and transparency log service within the Sigstore project that provides an append-only, cryptographically verifiable ledger of software signing events. It works by accepting signed metadata and artifact hashes, integrating them into a Merkle tree structure, and publishing a periodic, signed root hash. This allows any party to verify that a specific signature was recorded at a specific point in time without trusting a central authority. The log is publicly auditable: monitors can continuously watch for unexpected entries, and verifiers can cryptographically prove inclusion. Rekor separates the act of witnessing a signature from the certificate authority (Fulcio), ensuring that even if a short-lived certificate is compromised, the evidence of the signing event remains permanently and immutably recorded.
Related Terms
Rekor is a core component of the Sigstore project. Understanding these adjacent technologies is essential for implementing a complete tamper-proof model registry.
Transparency Log
An append-only, cryptographically verifiable ledger that records digital signatures and certificates. Rekor is the reference implementation. The log uses a Merkle tree structure where each entry is hashed and combined with previous entries, making retroactive tampering computationally infeasible. Key properties:
- Append-only: Entries cannot be deleted or modified
- Publicly auditable: Anyone can verify inclusion proofs
- Gossip protocol: Logs can cross-validate each other
Attestation
A cryptographically signed statement asserting a verifiable fact about a software artifact. In the context of model registries, attestations can certify:
- The training dataset provenance and preprocessing steps
- Results of bias and fairness evaluations
- Vulnerability scan outcomes on model dependencies
- Compliance with specific regulatory frameworks Rekor stores these attestations immutably, creating a permanent audit trail for every model version.
Keyless Signing
A paradigm that binds a signature to a workload identity rather than a long-lived private key. Using OIDC tokens and Fulcio-issued ephemeral certificates, keyless signing eliminates the operational burden of key rotation and storage. Rekor records every ephemeral certificate, ensuring that even short-lived credentials leave a permanent, auditable record. This is critical for automated CI/CD pipelines signing model artifacts.

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us