New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Malformed JSON for attestation verification output #2404
Comments
This is actually a JSONL format, or an attestation bundle: https://github.com/in-toto/attestation/blob/main/spec/bundle.md It's just multiple JSON documents concatenated with newlines. Many tools like jq support it fine! |
@toddysm are you in the Sigstore Slack? It's a great place to ask questions any time you see behavior that might seem a little odd. We work hard to make it a very welcoming community - hope to see you there! 😄 |
@dlorenc Thank you for the clarification - I assumed that is what you were going for. Was not clear from the docs what to expect, and the output is a bit stumbling for a user unfamiliar with the tool. Is parsing with jq the expected usage for the output? Would be good to add to the documentation. |
BTW, @trevrosen, I cannot find out how to join the Sigstore slack. I saw a link somewhere but now I can't find it. |
Description
The output from the
cosign verify
command for attestations returns a malformed JSON. Here is the steps to get the output:and here is how the output looks in VS Code:
It seems there are two JSON objects concatenated with each other and not put in an JSON array.
Is this intentional? And if so, what is the purpose of the output if it cannot be properly parsed?
Version
1.13.0
The text was updated successfully, but these errors were encountered: