Ramon Petgrave

Results 35 issues of Ramon Petgrave

### Describe the bug ``` gh --version gh version 2.55.0 (2024-08-20) https://github.com/cli/cli/releases/tag/v2.55.0 ``` When you try to run `gh attestation verify --bundle ...` against an unmodified `.jsonl` file provided...

bug
needs-triage
gh-attestation

### Describe the bug ``` gh --version gh version 2.55.0 (2024-08-20) https://github.com/cli/cli/releases/tag/v2.55.0 ``` Currently the `gh attestation verify --help` for the `--signer-workflow` option does not seem to suggest that the...

bug
needs-triage
gh-attestation

Allow verifying provenances from the slsa-framework/slsa-github-generator branches. This is useful during development. We could also allow the tester to customize the repo, to perhaps their own fork. example: ```...

The json struct tags for VSA v1 seem like they should be in camel case, instead of snake case. This means that for the VSA predicate in a document formatted...

### Describe the feature or problem you’d like to solve `gh attestations verify ...` allows the user to verify various properties in the attestation, such as the source repo with...

enhancement
needs-user-input
needs-triage
gh-attestation

### What would you like to be added? The ability to download an artifact by specifying its `artifact-id` from actions/upload-artifact. The JavaScript library already [supports this](https://github.com/actions/download-artifact/blob/fa0a91b85d4f404e444e00e005971372dc801d16/src/download-artifact.ts#L115). Since we often want...

enhancement

#### Summary https://github.com/sigstore/rekor-tiles/issues/38 Adds a new script for making it easier to launch a local fulcio and rekor, and tsa for testing within GitHub Actions. It also creates a local...

### Summary Adds a notebook and doc describing how to quickly generate a starter node schema for any AWS object we are interested in. ### Related issues or links TODO...

**Description** Re: https://github.com/sigstore/sigstore/pull/1944#discussion_r1932739287 In the `SignerVerifier` interface, we allow the callers of `SignMessage()` and `VerifySignature()` to provide either or both a message and a digest to be either signed or...

enhancement

**Description** One caveat is that the plugin program needs to be relaunched upon every `SignerVerifier` method invocation, and would have to optionally maintain state externally. For the next major protocol...

enhancement