cosign icon indicating copy to clipboard operation
cosign copied to clipboard

Published 20 hours ago verified publisher icon sigstore

Add support for new bundle specification in `cosign attest`

Open codysoyland opened this issue 1 year ago • 1 comments

This PR adds support for the new Cosign Bundle Specification in cosign attest.

Related: https://github.com/sigstore/cosign/issues/3139

This is in draft for now pending:

  • [ ] TSA timestamp payload modified per spec and added to bundle
  • [ ] New annotations are added
  • [ ] Support for fallback to referrers tag schema
  • [ ] Tests

To test, run the following (replacing MY_PREDICATE and MY_IMAGE as needed):

go run ./cmd/cosign attest --predicate MY_PREDICATE --new-bundle-format MY_IMAGE

Summary

Release Note

Documentation

codysoyland avatar Sep 25 '24 15:09 codysoyland