cosign
cosign copied to clipboard
sigstore
Code signing and transparency for containers and binaries
**Description** Complete the work in #3462 to add new command flags to other `verify-*` commands, namely: `verify-blob`, `verify-attestation`, and `verify-blob-attestation`.
**Description** I generate my provenance.json file. When i execute cosign attest --yes --predicate provenance.json --type slsaprovenance --key cosign.key **image:tag** the command fails and says provenance predicate: required field builder missing....
**Description** I'm using HashiVault Corp for secure storing signing keys. Then i want to use image verify in K8S using kyverno-plugin (1.12). In Kyverno-policy i want to use Public Key...
**Question** From what I see, the configuration file of the referrer containing the signature in OCI 1.1 format is needless. Why not using an empty one then, as [foreseen by...
**Question** step 1 sign image with regular cosign step2 sign image with COSIGN_EXPERIMENTAL=1 and --registry-referrers-mode oci-1-1 step3 get new signature manifest, will including all preceding signatures layers ``` /data/registry/docker/registry/v2/blobs/sha256$ cat...
**Key generation fails when using YubiKeys with 5.7.x firmware** When generating keys on a YubiKey with 5.7.x firmware, an error is generated reporting Status Word 6a80 (SW_ERR_INCORRECT_PARAM). ``` $ cosign...
Hi Team, We're encountering **intermittent errors** while using cosign verify in our container CICD pipelines. Where cosign verify fails, we receive the following error message: `main.go:69: error during command execution:...
**Description** Goal is to provide a simple interface for users to provide their own roots of trust for services (Rekor, Fulcio, CT log, TSA) by using the "trust root" [specification](https://github.com/sigstore/protobuf-specs/blob/main/protos/sigstore_trustroot.proto)....
Hi Team, We're encountering **intermittent errors** while using cosign verify in our container CICD pipelines. Where cosign verify fails, we receive the following error message: `main.go:69: error during command execution:...
**Description** Hey Cosign folks! Recently, @woodruffw and I have been working on a conformance testing suite for Sigstore clients. At the moment, it just does a basic sign/verify test along...
