Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: support attach attestation #1253

Merged
merged 1 commit into from
Dec 28, 2021
Merged

feat: support attach attestation #1253

merged 1 commit into from
Dec 28, 2021

Conversation

developer-guy
Copy link
Member

Signed-off-by: Batuhan Apaydın batuhan.apaydin@trendyol.com

Summary

To test this, run the following commands:

$ crane copy alpine <registry>/<username>/alpine
$ echo "foo" > bar
$ cosign attest --key cosign.key --predicate bar <registry>/<username>/alpine
$ cosign download attestation <registry>/<username>/alpine > signedpayload.json
$ cosign attach attestation --key cosign.pub --attestation signedpayload.json <registry>/<username>/alpine

Ticket Link

Fixes #1202

Release Note

feat: support attach attestation

@developer-guy
feat: support attach attestation
da1fb52 
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
@dlorenc
Copy link
Member

dlorenc commented Dec 28, 2021

An e2e test for this one would be great, but we can do that on a follow-up.

@dlorenc dlorenc merged commit 591601c into sigstore:main Dec 28, 2021
@github-actions github-actions bot added this to the v1.5.0 milestone Dec 28, 2021
bmwiedemann pushed a commit to bmwiedemann/openSUSE that referenced this pull request Jan 25, 2022
@bmwiedemann
Update cosign to version 1.5.0 / rev 2 via SR 949015
779bc4c 
https://build.opensuse.org/request/show/949015
by user msmeissn + dimstar_suse
- updated to 1.5.0
  ## Highlights
  * enable sbom generation when releasing (sigstore/cosign#1261)
  * feat: log error to stderr (sigstore/cosign#1260)
  * feat: support attach attestation (sigstore/cosign#1253)
  * feat: resolve --cert from URL (sigstore/cosign#1245)
  * feat: generate/upload sbom for cosign projects (sigstore/cosign#1237)
  * feat: vuln attest support (sigstore/cosign#1168)
  * feat: add ambient credential detection with spiffe/spire (sigstore/cosign#1220)
  * feat: generate/upload sbom for cosign projects (sigstore/cosign#1236)
  * feat: implement cosign download attestation (https
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dlorenc dlorenc dlorenc approved these changes

@hectorj2f hectorj2f Awaiting requested review from hectorj2f

@mattmoor mattmoor Awaiting requested review from mattmoor

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v1.5.0
Development

Successfully merging this pull request may close these issues.

consider attaching attestations to the OCI registry but verify its signature first
2 participants
@developer-guy @dlorenc