diff --git a/doc/cosign_dockerfile_verify.md b/doc/cosign_dockerfile_verify.md index 4a6cb34c1429..5bfabce5e480 100644 --- a/doc/cosign_dockerfile_verify.md +++ b/doc/cosign_dockerfile_verify.md @@ -54,7 +54,7 @@ cosign dockerfile verify [flags] ``` --allow-insecure-registry whether to allow insecure connections to registries. Don't use this for anything but testing -a, --annotations strings extra key=value pairs to sign - --attachment string related image attachment to sign (sbom), default none + --attachment string related image attachment to verify (sbom), default none --attachment-tag-prefix [AttachmentTagPrefix]sha256-[TargetImageDigest].[AttachmentName] optional custom prefix to use for attached image tags. Attachment images are tagged as: [AttachmentTagPrefix]sha256-[TargetImageDigest].[AttachmentName] --base-image-only only verify the base image (the last FROM image in the Dockerfile) --certificate string path to the public certificate. The certificate will be verified against the Fulcio roots if the --certificate-chain option is not passed. diff --git a/doc/cosign_manifest_verify.md b/doc/cosign_manifest_verify.md index a783f627e857..aa98b7e0ce7f 100644 --- a/doc/cosign_manifest_verify.md +++ b/doc/cosign_manifest_verify.md @@ -49,7 +49,7 @@ cosign manifest verify [flags] ``` --allow-insecure-registry whether to allow insecure connections to registries. Don't use this for anything but testing -a, --annotations strings extra key=value pairs to sign - --attachment string related image attachment to sign (sbom), default none + --attachment string related image attachment to verify (sbom), default none --attachment-tag-prefix [AttachmentTagPrefix]sha256-[TargetImageDigest].[AttachmentName] optional custom prefix to use for attached image tags. Attachment images are tagged as: [AttachmentTagPrefix]sha256-[TargetImageDigest].[AttachmentName] --certificate string path to the public certificate. The certificate will be verified against the Fulcio roots if the --certificate-chain option is not passed. --certificate-chain string path to a list of CA certificates in PEM format which will be needed when building the certificate chain for the signing certificate. Must start with the parent intermediate CA certificate of the signing certificate and end with the root certificate diff --git a/doc/cosign_verify.md b/doc/cosign_verify.md index 50e13f83b112..ca75762512ff 100644 --- a/doc/cosign_verify.md +++ b/doc/cosign_verify.md @@ -68,7 +68,7 @@ cosign verify [flags] ``` --allow-insecure-registry whether to allow insecure connections to registries. Don't use this for anything but testing -a, --annotations strings extra key=value pairs to sign - --attachment string related image attachment to sign (sbom), default none + --attachment string related image attachment to verify (sbom), default none --attachment-tag-prefix [AttachmentTagPrefix]sha256-[TargetImageDigest].[AttachmentName] optional custom prefix to use for attached image tags. Attachment images are tagged as: [AttachmentTagPrefix]sha256-[TargetImageDigest].[AttachmentName] --certificate string path to the public certificate. The certificate will be verified against the Fulcio roots if the --certificate-chain option is not passed. --certificate-chain string path to a list of CA certificates in PEM format which will be needed when building the certificate chain for the signing certificate. Must start with the parent intermediate CA certificate of the signing certificate and end with the root certificate