Add malicious provenance test for OCI container images

Open asraa opened this issue 3 years ago • 0 comments

With attached provenance, testing CLI verification with a container with bad provenance attached is difficult. See https://github.com/slsa-framework/example-package/pull/104#discussion_r971338634

We can manipulate the container with cosign/crane, but cannot do this in the shell script right now.

asraa, Sep 15 '22 19:09