Batuhan Apaydın
Batuhan Apaydın
kindly ping folx ☝️ I did a similar issue on the ko project side. > _https://github.com/google/go-containerregistry/pull/1454_
not git, bom requires go executable ☝️ @saschagrunert
I'm still interested in doing this, folx.
we (w/@dentrax) would love to help!
we are willing to do that, you can assign it to us !
ko follows the cosign's SBOM spec for this, for more detail, you can take a look, [here](https://github.com/sigstore/cosign/blob/main/specs/SBOM_SPEC.md), whereas BuildX has its standards like they use another manifest with platform and...
We (w/@dentrax) came across a tweet[^1] by @santiagotorres, thanks to him for bringing this to our attention. [^1]: https://twitter.com/torresariass/status/1541459187707908096?s=20&t=TLA9wXCu6zZMkGjLRWBvbA
Hello @AkihiroSuda, this PR will fix the problems related to signing&verifying images with cosign because, at the moment, people can't use the new features of nerdctl and nerdctl compose for...
@puerco, I can tackle this one if you want me to do so in bom CLI?
/remove-lifecycle stale