notation
notation copied to clipboard
notaryproject
A CLI tool to sign and verify artifacts
Here is the proposal for Notation v2.x plan: ### Milestone Notation `v2.0.0` Target Date: **Mar 2025** Main enhancements: - https://github.com/notaryproject/notation/issues/1040 - https://github.com/notaryproject/notation/issues/741 - https://github.com/notaryproject/notation/issues/974 ### Milestone Notation `v2.1.0` Target date:...
### Is your feature request related to a problem? ### Description An attestation is a cryptographically signed collection of claims related to one or more software artifacts. According to [SLSA](https://slsa.dev/attestation-model),...
Bumps [github.com/notaryproject/notation-go](https://github.com/notaryproject/notation-go) from 1.2.0-beta.1.0.20240926015724-84c2ec076201 to 1.3.0-rc.1. Release notes Sourced from github.com/notaryproject/notation-go's releases. v1.3.0-rc.1 Vote PASSED [+4 -0]: #465 What's Changed build(deps): bump golang.org/x/mod from 0.19.0 to 0.20.0 by @dependabot in...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Bumps [golang.org/x/term](https://github.com/golang/term) from 0.24.0 to 0.25.0. Commits 9d5441a go.mod: update golang.org/x dependencies See full diff in compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.5.0 to 4.6.0. Release notes Sourced from codecov/codecov-action's releases. v4.6.0 What's Changed build(deps): bump github/codeql-action from 3.25.8 to 3.25.10 by @dependabot in codecov/codecov-action#1481 build(deps): bump actions/checkout from...
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.7.0 to 1.8.1. Release notes Sourced from github.com/spf13/cobra's releases. v1.8.1 ✨ Features Add env variable to suppress completion descriptions on create by @scop in spf13/cobra#1938 🐛 Bug...
### What is not working as expected? When verifying the signed container image with notation I am getting the error ### What did you expect to happen? I just test...
Bumps [github.com/notaryproject/notation-go](https://github.com/notaryproject/notation-go) from 1.2.0-beta.1.0.20240926015724-84c2ec076201 to 1.3.0-rc.1. Release notes Sourced from github.com/notaryproject/notation-go's releases. v1.3.0-rc.1 Vote PASSED [+4 -0]: #465 What's Changed build(deps): bump golang.org/x/mod from 0.19.0 to 0.20.0 by @dependabot in...
The idea is to make `--force-referrers-tag=false` as default behavior.
When verifying the signed container image with notation I am getting the error notation verify $IMAGE Warning: Always verify the artifact using digest(@sha256:...) rather than a tag(:v1) because resolved digest...
