v2.3.0
Issues | Pull Requests | v2.2.0...v2.3.0
SHA256 checksum
1577b99b74751a5ddeea757198cee3b600fce3ef18990540e4d0e667edcf1b5f aqua-installer
Features
#580 Support disabling the verification with Cosign and SLSA Provenance
Caution
This feature is for users who can't use Cosign and slsa-verifier.
Most users can use them, so most users don't need this feature.
aqua installs Cosign and slsa-verifier internally, so you don't need to install them yourself.
If you can use Cosign and slsa-verifier, you should not disable them because they are important for security.
The bootstrap version is updated to aqua v2.22.0.
From this version, aqua supports disabling the verification with Cosign and SLSA Provenance.
To disable the verification with Cosign and SLSA Provenance when you install aqua with aqua-installer,
please set the environment variables AQUA_DISABLE_COSIGN
and AQUA_DISABLE_SLSA
.
export AQUA_DISABLE_COSIGN=true
export AQUA_DISABLE_SLSA=true
./aqua-installer
- uses: aquaproj/[email protected]
with:
aqua_version: v2.22.0
env:
AQUA_DISABLE_COSIGN: "true"
AQUA_DISABLE_SLSA: "true"