mikey strauss
Hi guys, I also found myself with the need to use syft as a library, it's awesome to see you are already two steps ahead. I understand the vision is a...
I was thinking about this, IMHO untrusted build platform may mean many things. For example, that may actually prevent runs from influencing one another, even within the...
+1 would be magnificent
What about a use case where there is a URL with a port as part of the name? For example pkg:container/index.myregstry.io:5000/my-image@v1 Would you expect the ':' to be encoded when going in...
Ok, after taking previous advice I see you expect such a purl to be pkg:docker/my_image@sha256:244fd47e07d1004f0aed9c?repository_url=index.my-regstory.io:500 Did I understand correctly? Can you elaborate on this logic or point me to the...
Maybe related to https://github.com/open-policy-agent/gatekeeper/pull/3132. Maybe upgrade to >3.15 https://github.com/open-policy-agent/gatekeeper/releases/tag/v3.15.0 will fix
Just asking out of curiosity, sorry if I am off topic. Wouldn't doing something similar for attestations also make sense? (maybe using envelope and dsse signers that support multi...
Issue/PR may be relevant. https://github.com/secure-systems-lab/go-securesystemslib/issues/4 https://github.com/secure-systems-lab/go-securesystemslib/pull/7
@JimBugwadia > Hi @houdini91 @Dentrax - is the plan to use the `MultiEnvelopeSigner` in `cosign.VerifySignatures`? I am down with whatever the community leaders think is best. My own view...