Skip to content

v0.49.1

Choose a tag to compare

View all tags
@github-actions github-actions released this 29 Jun 15:59
· 2 commits to main since this release
v0.49.1
f7e073d
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Patch release — first signed Terrapod release.

Security

  • Signed release artifacts (#549) — every container image and the Helm chart are now keyless-signed with cosign (Sigstore, GitHub OIDC — no long-lived key, logged in Rekor), and each image carries a SLSA build-provenance attestation. Verify with cosign verify / gh attestation verify — see docs/supply-chain-verification.md.

Note: the on-image SBOM attestation in this release is attached via cosign's legacy tag scheme and is not discoverable via the documented cosign verify-attestation command; this is corrected in v0.49.2 (SBOM attached as an OCI referrer). SPDX SBOMs are also attached to this release as files.

Full Changelog: v0.49.0...v0.49.1

Assets 32
Loading