Support pulling a referrer from an image manifest #1308

FeynmanZhou · 2024-03-26T03:24:13Z

What is the version of your ORAS CLI

ORAS v1.2.0-beta.1

What would you like to be added?

Provide a flag to enable users to pull a referrer from an image manifest and download it as a file

Why is this needed for ORAS?

In containers secure supply chain scenario, users may pull referrers (e.g. SBOM, signature, vuln scanning report) only without pulling a subject image. Suppose there is a large image with referrers in the registry, users may want to verify the supply chain metadata before pulling and using the image locally. It will reduce the performance and bandwidth cost.

Are you willing to submit PRs to contribute to this feature?

Yes, I am willing to implement it.

shizhMSFT · 2024-03-26T06:10:00Z

Pre-requisite issues:

Support customizing file name in oras pull #1159

Related issues:

FeynmanZhou added enhancement New feature or request triage New issues or PRs to be acknowledged by maintainers labels Mar 26, 2024

qweeah added the spec required Issues that require specifications label Mar 26, 2024

qweeah added this to the v1.3.0 milestone Mar 26, 2024

qweeah removed the triage New issues or PRs to be acknowledged by maintainers label Mar 26, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Support pulling a referrer from an image manifest #1308

Support pulling a referrer from an image manifest #1308

FeynmanZhou commented Mar 26, 2024

shizhMSFT commented Mar 26, 2024 •

edited

Loading

Support pulling a referrer from an image manifest #1308

Support pulling a referrer from an image manifest #1308

Comments

FeynmanZhou commented Mar 26, 2024

What is the version of your ORAS CLI

What would you like to be added?

Why is this needed for ORAS?

Are you willing to submit PRs to contribute to this feature?

shizhMSFT commented Mar 26, 2024 • edited Loading

shizhMSFT commented Mar 26, 2024 •

edited

Loading