ratify icon indicating copy to clipboard operation
ratify copied to clipboard
verified publisher icon ratify-project

Support keyless verification with OIDC identities

Open yizha1 opened this issue 1 year ago • 1 comments

What would you like to be added?

Currently Ratify supports keyless verification with Cosign 1.x only. Since Cosign 2.0, keyless verification requires OIDC identities and OIDC issuers. Ratify needs to introduce new parameters for the cosign verifier.

Anything else you would like to add?

No response

Are you willing to submit PRs to contribute to this feature?

  • [ ] Yes, I am willing to implement it.

yizha1 avatar Mar 01 '24 12:03 yizha1

Discussed with @akashsinghal, this issue can be planned for Ratify 1.3.0. Currently, the Cosign verifier continues to function because the API does not mandate OIDC identity and issuer as a requirement. /cc @susanshi

yizha1 avatar Mar 14 '24 12:03 yizha1