cosign
Code signing and transparency for containers and binaries
Bumps [github.com/buildkite/agent/v3](https://github.com/buildkite/agent) from 3.62.0 to 3.66.0. Release notes Sourced from github.com/buildkite/agent/v3's releases. v3.66.0 v3.66.0 (2024-03-12) Full Changelog Added Extend graceful cancellation to all job phases #2654 (@david-poirier) Add cli command...
**Description** **Version** I had noticed previously that when we cut a v2 release, the latest tag is not set automatically. https://github.com/sigstore/cosign/issues/3620 noted that after releasing the backport v1 release yesterday,...
#### Summary Add new `--ca-roots` and `--ca-intermediates` flags to allow passing a certificate bundle PEM file with multiple CA roots and optionally a file with the intermediate certificates. Related to...
Attaching Attestation and Signature Generating ephemeral keys... Error: signing [gcr.io//alpine-jdk8@sha256:0f1878bd210a46fa67485423d478725082a098ed3d9c5174fecb751fbfab384e]: getting signer: getting key from Fulcio: fetching ambient OIDC credentials: Get "&audience=sigstore": unsupported protocol scheme "" main.go:74: error during command...
**Description** Hey, everyone! I have a need for static key storage without using transit encryption. Is there any method to force cosign to use the signing key just from the...
**Description** Recently ran into an issue where we have an absurdly large attestation (130MB) that is rejected by rekor due to its size. Arguably, this is a bug in rekor,...
**Description** I have a GitHub Action that builds and signs an image and pushes it to GHCR and DockerHub. I verify the signatures in the same action. The verification for...
closes #3563 #### Summary Creates parity between Cosign / TSA (e.g. TSA values are handled similarly to ctlog, fulcio, and rekor creds now) since sigstore/sigstore TUF client was recently updated...
**Description** Running the cosign clean command, the argument `--type=all` is interpreted to remove all types of files, either signatures or attestations, related to the image in a repository. I noticed...
Closes https://github.com/sigstore/cosign/issues/2997 Summary This PR adds a provider that, when run from within a Gitpod workspace, retrieves a token automatically from the command line, which means users do not have...