Carlos Tadeu Panato Junior

icon indicating a website link https://cpanato.dev

icon company @chainguard-dev icon location Berlin

Results 749 comments of Carlos Tadeu Panato Junior

SBOM files for some artifacts are almost empty

we need to wait for https://github.com/anchore/sbom-action/pull/456

Sign container images

Hello! I will start the work on this

Sign container images

To solve that issue, we could maybe sign the image in the release pipeline instead of the reusable workflow, which would make it easier to verify the signatures. Wdyt @sagikazarmark?

Sign container images

also i can implement the slsa generator if that is something we all want

Sign container images

the slsa generator will be another job after this one https://github.com/dexidp/dex/blob/master/.github/workflows/artifacts.yaml#L31 if you want to make that for both release and main branch, if we just want that to the...

build(deps): Bump the all group with 5 updates

@dependabot rebase

Add initial eHSM-KMS support for signstore

sorry for the delay, I will need a bit more time to review and have others to review as well cc @haydentherapper

Missing transparency log URLs when verifying a release

we are not publishing that anymore, was only in the beginning. but you can use `cosign verify` to get all the information. I would say we update the docs to...

Missing transparency log URLs when verifying a release

ok will update the docs

Add new tool: patch release cherry pick notification

sample email sent ![Screenshot 2022-09-02 at 13 43 20](https://user-images.githubusercontent.com/4115580/188133751-22831bf9-e179-4021-a831-1b210b5a1c88.png)