Security Incident Report
Rekor Anchor Gap
2026-05-10 to 2026-06-01
01
Summary
Between May 10 and June 1 2026, a database migration inadvertently prevented Rekor anchor data from being written to daily snapshots. Daily snapshots were created with correct hash chains throughout this period, but Rekor anchor log indexes were not recorded. All 145 affected snapshots have been backfilled with valid Rekor anchors. Hash chain integrity was not affected at any point.
02
What Was Affected
Rekor anchor log indexes for daily snapshots created between 2026-05-10 and 2026-06-01. Hash chain integrity: NOT affected. Event hashes: NOT affected. RFC 3161 timestamps: NOT affected. Ed25519 signatures: NOT affected.
03
Timeline
- 2026-05-10: Migration applied inadvertently blocking anchor column updates.
- 2026-05-10 to 2026-06-01: Daily snapshots created without Rekor anchor data.
- 2026-06-01: Issue identified during infrastructure audit.
- 2026-06-01: Fix deployed.
- 2026-06-01: 145 snapshots backfilled. 0 failures.
04
Resolution
Migration 20260601000073 replaced the blanket immutability trigger with a column-specific trigger that protects identity columns while allowing anchor columns to be updated after Rekor responds. All affected snapshots have been anchored to Sigstore Rekor and verified.
05
Contact
Questions: wes@rankigi.com Status page: rankigi.com/status