Andrew McNamara
Andrew McNamara
Every time I try to log into the CLI, the `travis report` comes back saying that I have an invalid access token. I have verified that there is not an...
If the output file is specified in a non-existent directory, you will get an error. Remove this error by creating the necessary directory structure before opening the file.
When do you plan to update the npm-managed package? I would like to have the changes from my PR available through npm.
## Bug Report Bundle validation passes when values within the CSV do not have appropriate types. This has been encountered multiple times. We traced down the suspected offending lines to...
In https://slsa.dev/spec/v1.1/principles, for the guidelines to use tracks sparingly, we state > **Use tracks sparingly**. Additional tracks add extra complexity to SLSA, so a new track should be seen as...
In the gDoc for [independently verified reproducible build requirements](https://docs.google.com/document/d/1Jk0yZnkTC3dfp8G5dmO8K9r1Kc7TRX2QVOwcFSKw1OQ/edit?disco=AAAA6gWKPOg), @MarkLodato and I started discussing verifying builds. The comment thread is too hard to follow, so I am creating this issue...
In identifying requirements for isolation in Build L3, we agreed that L3 would not require _specific_ producer modification to the builds while starting with L4 that the producer and the...
**Description** When using `buildah source push`, I would like to know what the digest of the OCI artifact pushed is such that I can reference the artifact by digest instead...
### Feature request When pushing a Tekton bundle using the `tkn bundle` command, users should have an option to add labels to the artifact pointing to the git source for...
### Feature request If Chains is provided with an Image Index to sign and attest, it should recursively perform this same behavior for all referenced Image Manfiests as well. ###...