Ralph Bean

Results 55 issues of Ralph Bean

#### Summary

This enables `attest-blob --bundle=-` to write bundles to stdout with a trailing newline, allowing users to create JSONL files containing multiple attestations by redirecting and appending output. This...

**Description** I noticed a difference in behavior between `cosign verify-attestation ` and `cosign verify-blob-attestation --bundle attestation.json`: * The OCI implementation finds all attestations that refer to the artifact and verifies...

enhancement

#### Summary

This adds the `org.opencontainers.image.title` annotation to layer descriptors in attestation manifests to enable tools like 'oras pull' to download attestation bundles with collision-free filenames. The annotation format is...

**Description** In Slack, I saw some musing about letting users use a tool like `oras` to pull down attestations from the OCI registry and letting cosign do the verification locally....

enhancement

**Description** I was messing around with using cosign to write multiple bundles to a [jsonl](http://jsonlines.org/). I'm not entirely sure if that's a good pattern or useful thing yet, but a...

enhancement