Update CycloneDX predicate #188
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This is in line with the decision from the CycloneDX project: in-toto/attestation#82 (comment) This resolves an incompatibility between cosign and syft. Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com>
|
cc @puerco I see you added support for cyclonedx originally and you should probably be aware of this change. |
|
Thanks for tagging me @adityasaky . LGTM. Once this merges I can bump the in-toto dependency on cosign. I just checked and sigstore prefers tagged versions but if no release is coming soon, we should be able to pull the go module @ HEAD. |
shibumi
approved these changes
Oct 18, 2022
|
I think we can cut a release soon @puerco, no need to pull from HEAD. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes issue:
This addresses Issue #187 and resolves an incompatibility between cosign and syft. See: anchore/syft#1268
Signed-off-by: Arnaud J Le Hors lehors@us.ibm.com
Description:
This changes the value of the predicate to be in line with the decision from the CycloneDX project: in-toto/attestation#82 (comment) and what other tools like syft are already using.
This will make cosign and syft compatible.