cosign

Code signing and transparency for containers and binaries

Results 291 cosign issues

Closes https://github.com/sigstore/cosign/issues/2131 Authored by @kommendorkapten and @patflynn #### Summary First iteration of the proposed new bundle format for cosign. See `README.md` for more details. The intent for this PR is...

**Excluding custom resources via rules in Validating & Mutating web-hook configuration is getting overridden with default config** We have tried adding rules to apply the validating & mutating webhook...

enhancement

**Description** Hi I'm doing provenance generation for knative and I'm seeing bugs with `cosign attest` https://github.com/knative/test-infra/issues/3440 ``` COSIGN_EXPERIMENTAL=1 cosign attest --recursive --identity-token="${ID_TOKEN}" --predicate=kn-attestation.json --type=slsaprovenance --no-tlog-upload --no-upload $(cat pkg/testdata/image-refs.txt) Generating ephemeral...

bug

Signed-off-by: Batuhan Apaydın Fixes #2290 #### Summary This PR will add an insecure option to the name options and use it while parsing the reference of the image name to...

Right now, cosign assumes that every Fulcio cert has an associated entry in Rekor. The time that the entry was added to Rekor is used to verify that the signature...

enhancement

If I run something like the following: ``` cosign attach sbom "${REMOTE_IMAGE}" --sbom=./sbom.txt ``` and the file `sbom.txt` does not yet exist, the blob uploaded contains the literal string contents...

bug
good first issue

#### Summary Use newer version of theupdateframework/go-tuf, sigstore/sigstore https://github.com/theupdateframework/go-tuf/pull/397 https://github.com/sigstore/sigstore/pull/715 I'll add an e2e test once I can get the e2e test here (that I'll use this version of cosign...

Instead of explicitly specifying the v0.0.1 type of the intoto rekor type, just use the default version (which is an empty string) and the server will use the preferred implementation....

**Description** When setting new pin on the PIV device the command `cosign piv-tool set-pin --no-input --new-pin --old-pin ` will prompt for confirmation even though --no-input is specified `? Setting new...

bug
good first issue

**Description** Since Cosign 1.10.1, the ability to perform a `cosign verify-attestation` on a keyless-signed image containing attestations of multiple predicate types returns `main.go:62: error during command execution: none of the...

bug