Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Integrate cosign provenance attachment to Docker #129

Open
marcofranssen opened this issue Jan 26, 2022 · 2 comments
Open

Integrate cosign provenance attachment to Docker #129

marcofranssen opened this issue Jan 26, 2022 · 2 comments
Labels
enhancement New feature or request

Comments

@marcofranssen
Copy link
Member

Currently we are using the cosign cli to attach the provenance file to a Docker image.

Investigate if we can use https://github.com/sigstore/cosign/tree/bad18e5cb25f2cb86301d248e7e4ed39d49df143/pkg/cosign as a library to natively integrate this step in slsa-provenance.

@developer-guy
Copy link

I can take care of that one @marcofranssen if you want 🙋🏻‍♂️

@marcofranssen
Copy link
Member Author

👋 @developer-guy I'm OK with that. Just know we are currently also looking for a solution for registry authentication.

See #130 (comment).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

2 participants