feat: vuln attest support #1168
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Looks good, the lint errors should be easy! |
dlorenc
reviewed
Dec 11, 2021
| Metadata Metadata `json:"metadata"` | ||
| } | ||
|
|
||
| type Invocation struct { |
There was a problem hiding this comment.
We should probably also add a README in here under specs/ that describes all of these fields in detail and how they should be used.
There was a problem hiding this comment.
Exactly! This is the next that we are going to do🤝
developer-guy
force-pushed
the
feature/442
branch
from
c2312d2
to
17c7dbf
Compare
|
hey @dlorenc, I know spec documentation is not perfect but we tried to do our best, can you please review it, thanks in advance 🤝 |
|
kindly ping @dlorenc |
Signed-off-by: Batuhan Apaydın <[email protected]> Co-authored-by: Furkan Türkal <[email protected]> Signed-off-by: Batuhan Apaydın <[email protected]>
developer-guy
force-pushed
the
feature/442
branch
from
17c7dbf
to
0384b93
Compare
Sorry missed this because of the WIP in the title. Is it ready for a merge? |
|
I think yes, but it'd be nice if you can review it one more time I guess. |
developer-guy
changed the title
dlorenc
approved these changes
Dec 21, 2021
|
LGTM! |
developer-guy
added a commit
to developer-guy/cosign
that referenced
this pull request
Dec 21, 2021
Signed-off-by: Batuhan Apaydın <[email protected]> Co-authored-by: Furkan Türkal <[email protected]> Signed-off-by: Batuhan Apaydın <[email protected]> Co-authored-by: Furkan Türkal <[email protected]> Signed-off-by: Batuhan Apaydın <[email protected]>
developer-guy
added a commit
to developer-guy/cosign
that referenced
this pull request
Dec 21, 2021
Signed-off-by: Batuhan Apaydın <[email protected]> Co-authored-by: Furkan Türkal <[email protected]> Signed-off-by: Batuhan Apaydın <[email protected]> Co-authored-by: Furkan Türkal <[email protected]> Signed-off-by: Batuhan Apaydın <[email protected]>
bmwiedemann
pushed a commit
to bmwiedemann/openSUSE
that referenced
this pull request
Jan 25, 2022
https://build.opensuse.org/request/show/949015 by user msmeissn + dimstar_suse - updated to 1.5.0 ## Highlights * enable sbom generation when releasing (sigstore/cosign#1261) * feat: log error to stderr (sigstore/cosign#1260) * feat: support attach attestation (sigstore/cosign#1253) * feat: resolve --cert from URL (sigstore/cosign#1245) * feat: generate/upload sbom for cosign projects (sigstore/cosign#1237) * feat: vuln attest support (sigstore/cosign#1168) * feat: add ambient credential detection with spiffe/spire (sigstore/cosign#1220) * feat: generate/upload sbom for cosign projects (sigstore/cosign#1236) * feat: implement cosign download attestation (https
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Signed-off-by: Batuhan Apaydın [email protected]
Co-authored-by: Furkan Türkal [email protected]
Summary
Users might upload vulnerability scan results in form of attestation within the OCI registry
Ticket Link
Fixes #442
Release Note