Honnix
Honnix
> The latter would probably require more thought into storage as some of these attestations can be quite large. Sure. Using a cache is a typical storage vs. time choice...
https://github.com/sigstore/cosign/issues/1777#issuecomment-1282670046 seems to be related. I understand it is not straight forward to add the caching layer in Kyverno because the heavy duty is all done in: ```go cosign.VerifyImageSignatures(ctx, signedImgRef,...
Does this change make sense? Can someone help review it? Thanks.
I added a few more commits, but please feel free to take #1269 instead and cherry pick useful commits from this PR.
Shall we move forward with this? I'm fine either this PR or #1269. Thanks.
We tried this patch and so far it has been working well. There is one thing though. In case of mismatched signature, https://github.com/bazel-contrib/rules_jvm_external/blob/e95b9d7d2e70b32c11dc363f48d04bf3d619e5be/private/rules/coursier.bzl#L568 prints out a huge single line of...