- BREAKING:
verify-manifest
is nowmanifest verify
(sigstore#712) - BREAKING:
/pkg
has been heavily refactored. Further refactoring work will make its way into 1.4.0 - WARNING: The CLI now uses POSIX-style (double-dash
--flag
) for long-form flags. It will temporarily accept the single-dash-flag
form with a warning, which will become an error in a future release (sigstore#835) - Added
sget
as part of Cosign's releases (sigstore#752) - The
copasetic
utility was unceremoniously baleeted (sigstore#785)
- Began reworking
/pkg
around new abstrations for signing, verification, and storage (sigstore#666)- Notice: refactoring of
/pkg
will continue in the next minor release (1.4.0). Please leave feedback, especially if you've been experimenting withcosign
as a library and found it lacking (sigstore#844) - GGCR-style libraries for interacting with images now exist under
pkg/oci
(sigstore#770) pkg/cosign/remote.UploadSignature
API was been removed in favor of newpkg/oci/remote
APIs (sigstore#774)- The function signature of
cosign.Verify
was changed so that callers must be explicit about which signatures (or attestations) to verify. For matching signatures, see alsocosign.Verify{Signatures,Attestations}
(sigstore#782) - Removed
cremote.UploadFile
in favor ofstatic.NewFile
andremote.Write
(sigstore#797)
- Notice: refactoring of
- Innumerable other improvements to the codebase and automation (Makin me look bad, @mattmoor)
- Migrated the CLI to
cobra
(Welcome to the team, @n3wscott) - Added the
--allow-insecure-registry
flag to disable TLS verification when interacting with insecure (e.g. self-signed) container registries (sigstore#669) - 🔒
cosigned
now includes a mutating webhook that resolves image tags to digests (sigstore#800) - 🔒 The
cosigned
validating webhook now requires image digest references (sigstore#799) - The
cosigned
webhook now ignores resources that are being deleted (sigstore#803) - The
cosigned
webhook now supports resolving private images that are authenticated viaimagePullSecrets
(sigstore#804) manifest verify
now supports verifying images in all Kubernetes objects that fit withinPodSpec
,PodSpecTemplate
, orJobSpecTemplate
, including CRDs (sigstore#697)- Added shell auto-completion support (Clutch collab from @erkanzileli, @passcod, and @Dentrax! sigstore#836)
cosign
has generated Markdown docs available in thedoc/
directory (sigstore#839)- Added support for verifying with secrets from a Gitlab project (sigstore#934)
- Added a
--k8s-keychain
option that enables cosign to support ambient registry credentials based on the "k8schain" library (sigstore#972) - CI (test) Images are now created for every architecture distroless ships on (currently: amd64, arm64, arm, s390x, ppc64le) (sigstore#973)
attest
: replaced--upload
flag with a--no-upload
flag (sigstore#979)
cosigned
now verifiesCronJob
images (Terve, @vaikas sigstore#809)- Fixed the
verify
--cert-email
option to actually work (Sweet as, @passcod sigstore#821) public-key -sk
no longer causeserror: x509: unsupported public key type: *crypto.PublicKey
(sigstore#864)- Fixed interactive terminal support in Windows (sigstore#871)
- The
-ct
flag is no longer ignored inupload blob
(sigstore#910)
- Aditya Sirish (@adityasaky)
- Asra Ali (@asraa)
- Axel Simon (@axelsimon)
- Batuhan Apaydın (@developer-guy)
- Brandon Mitchell (@sudo-bmitch)
- Carlos Panato (@cpanato)
- Chao Lin (@blackcat-lin)
- Dan Lorenc (@dlorenc)
- Dan Luhring (@luhring)
- Eng Zer Jun (@Juneezee)
- Erkan Zileli (@erkanzileli)
- Félix Saparelli (@passcod)
- Furkan Türkal (@Dentrax)
- Hector Fernandez (@hectorj2f)
- Ivan Font (@font)
- Jake Sanders (@dekkagaijin)
- Jason Hall (@imjasonh)
- Jim Bugwadia (@JimBugwadia)
- Joel Kamp (@mrjoelkamp)
- Luke Hinds (@lukehinds)
- Matt Moore (@mattmoor)
- Naveen (@naveensrinivasan)
- Olivier Gaumond (@oliviergaumond)
- Priya Wadhwa (@priyawadhwa)
- Radoslav Gerganov (@rgerganov)
- Ramkumar Chinchani (@rchincha)
- Rémy Greinhofer (@rgreinho)
- Scott Nichols (@n3wscott)
- Shubham Palriwala (@ShubhamPalriwala)
- Viacheslav Vasilyev (@avoidik)
- Ville Aikas (@vaikas)
- BREAKING: move
verify-dockerfile
todockerfile verify
(sigstore#662) - Have the keyless
cosign sign
flow use a single 3LO. (sigstore#665) - Allow to
verify-blob
from urls (sigstore#646) - Support GCP environments without workload identity (GCB). (sigstore#652)
- Switch the release cosign container to debug. (sigstore#649)
- Add logic to detect and use ambient OIDC from exec envs. (sigstore#644)
- Add
-cert-email
flag to provide the email expected from a fulcio cert to be valid (sigstore#622) - Add support for downloading signature from remote (sigstore#629)
- Add sbom and attestations to triangulate (sigstore#628)
- Add cosign attachment signing and verification (sigstore#615)
- Embed CT log public key (sigstore#607)
- Verify SCTs returned by fulcio (sigstore#600)
- Add extra replacement variables and GCP's role identifier (sigstore#597)
- Store attestations in the layer (payload) rather than the annotation. (sigstore#579)
- Improve documentation about predicate type and change predicate type from provenance to slsaprovenance (sigstore#583)
- Upgrade in-toto-golang to adapt SLSA Provenance (sigstore#582)
- Fix verify-dockerfile to allow lowercase FROM (sigstore#643)
- Fix signing for the cosigned image. (sigstore#634)
- Make sure generate-key-pair doesn't overwrite existing key-pair (sigstore#623)
- helm/ci: update helm repo before installing the dependency (sigstore#598)
- Set the correct predicate type/URI for each supported predicate type. (sigstore#592)
- Warnings on admissionregistration version (sigstore#581)
- Remove unnecessary COSIGN_PASSWORD (sigstore#572)
- Batuhan Apaydın
- Ben Walding
- Carlos Alexandro Becker
- Carlos Tadeu Panato Junior
- Erkan Zileli
- Hector Fernandez
- Jake Sanders
- Jason Hall
- Matt Moore
- Michael Lieberman
- Naveen Srinivasan
- Pradeep Chhetri
- Sambhav Kothari
- dlorenc
- priyawadhwa
- BREAKING: The
-attestation
flag has been renamed to-predicate
inattest
(sigstore#500) - Added
verify-manifest
command (sigstore#490) - Added the ability to specify and validate well-known attestation types in
attest
with the-type
flag (sigstore#504) - Added
cosign init
command to setup the trusted local repository of SigStore's TUF root metadata (sigstore#520) - Added timestamps to Cosign's custom In-Toto predicate (sigstore#533)
verify
now always verifies that the image exists (even when referenced by digest) before verification (sigstore#543)
verify-dockerfile
no longer fails onFROM scratch
(sigstore#509)- Fixed reading from STDIN with
attach sbom
(sigstore#517) - Fixed broken documentation and implementation of
-output
forverify
andverify-attestation
(sigstore#546) - Fixed nil pointer error when calling
upload blob
without specifying-f
(sigstore#563)
- Adolfo García Veytia (@puerco)
- Anton Semjonov (@ansemjo)
- Asra Ali (@asraa)
- Batuhan Apaydın (@developer-guy)
- Carlos Panato (@cpanato)
- Dan Lorenc (@dlorenc)
- @gkovan
- Hector Fernandez (@hectorj2f)
- Jake Sanders (@dekkagaijin)
- Jim Bugwadia (@JimBugwadia)
- Jose Donizetti (@josedonizetti)
- Joshua Hansen (@joshes)
- Jason Hall (@imjasonh)
- Priya Wadhwa (@priyawadhwa)
- Russell Brown (@rjbrown57)
- Stephan Renatus (@srenatus)
- Li Yi (@denverdino)
- BREAKING: The default HSM key slot is now "signature" instead of "authentication" (sigstore#450)
- BREAKING:
--fulcio-server
is now--fulcio-url
(sigstore#471) - Added
-cert
flag tosign
to allow the explicit addition of a signature certificate (sigstore#451) - Added the
attest
command (sigstore#458) - Added numerous flags for specifying parameters when interacting with Rekor and Fulcio (sigstore#462)
cosign
will now send its version string as part of theuser-agent
when interacting with a container registry (sigstore#479)- Files containing certificates for custom Fulcio endpoints can now be specified via the
COSIGN_ROOT
environment variable (sigstore#477)
- Fixed a situation where lower-case
as
would breakverify-dockerfile
(Complements to @Dentrax sigstore#433)
- Appu Goundan (@loosebazooka)
- Batuhan Apaydın (@developer-guy)
- Carlos Panato (@cpanato)
- Dan Lorenc (@dlorenc)
- Furkan Türkal (@Dentrax)
- Hector Fernandez (@hectorj2f)
- Jake Sanders (@dekkagaijin)
- James Alseth (@jalseth)
- Jason Hall (@imjasonh)
- João Pereira (@joaodrp)
- Luke Hinds (@lukehinds)
- Tom Hennen (@TomHennen)
- BREAKING: Moved
cosign upload-blob
tocosign upload blob
(sigstore#378) - BREAKING: Moved
cosign upload
tocosign attach signature
(sigstore#378) - BREAKING: Moved
cosign download
tocosign download signature
(sigstore#392) - Added flags to specify slot, PIN, and touch policies for security keys (Thank you @ddz sigstore#369)
- Added
cosign verify-dockerfile
command (sigstore#395) - Added SBOM support in
cosign attach
andcosign download sbom
(sigstore#387) - Sign & verify images using Kubernetes secrets (A muchas muchas gracias to @developer-guy and @Dentrax sigstore#398)
- Added support for AWS KMS (谢谢, @codysoyland sigstore#426)
- Numerous enhancements to our build & release process, courtesy @cpanato
- Verify entry timestamp signatures of fetched Tlog entries (sigstore#371)
- Asra Ali (@asraa)
- Batuhan Apaydın (@developer-guy)
- Carlos Panato (@cpanato)
- Cody Soyland (@codysoyland)
- Dan Lorenc (@dlorenc)
- Dino A. Dai Zovi (@ddz)
- Furkan Türkal (@Dentrax)
- Jake Sanders (@dekkagaijin)
- Jason Hall (@imjasonh)
- Paris Zoumpouloglou (@zuBux)
- Priya Wadhwa (@priyawadhwa)
- Rémy Greinhofer (@rgreinho)
- Russell Brown (@rjbrown57)
- Added
cosign copy
to easily move images and signatures between repositories (sigstore#317) - Added
-r
flag tocosign sign
for recursively signing multi-arch images (sigstore#320) - Added
cosign clean
to delete signatures for an image (Thanks, @developer-guy! sigstore#324) - Added
-k8s
flag tocosign generate-key-pair
to create a Kubernetes secret (Hell yeah, @priyawadhwa! sigstore#345)
- Fixed an issue with misdirected image signatures when
COSIGN_REPOSITORY
was used (sigstore#323)
- Balazs Zachar (@Cajga)
- Batuhan Apaydın (@developer-guy)
- Dan Lorenc (@dlorenc)
- Furkan Turkal (@Dentrax)
- Jake Sanders (@dekkagaijin)
- Jon Johnson (@jonjohnsonjr)
- Priya Wadhwa (@priyawadhwa)
- Signatures created with
cosign
before v0.4.0 are not compatible with those created after
- 🎉 Added support for "offline" verification of Rekor signatures 🎉 (ありがとう, priyawadhwa! #285)
- Support for Hashicorp vault as a KMS provider has been added (Danke, RichiCoder1! sigstore/sigstore #44, sigstore/sigstore #49)
- GCP KMS URIs now include the key version (#45)
- Christian Pearce (@pearcec)
- Dan Lorenc (@dlorenc)
- Jake Sanders (@dekkagaijin)
- Priya Wadhwa (@priyawadhwa)
- Richard Simpson (@RichiCoder1)
- Ross Timson (@rosstimson)
- Fixed CI container image breakage introduced in v0.3.0
- Fixed lack of version information in release binaries
This is the third release of cosign
!
We still expect many flags, commands, and formats to change going forward, but we're getting closer. No backwards compatiblity is promised or implied yet, though we are hoping to formalize this policy in the next release. See #254 for more info.
- The
-output-file
flag supports writing output to a specific file - The
-key
flag now supportskms
references and URLs, thekms
specific flag has been removed - Yubikey/PIV hardware support is now included!
- Support for signing and verifying multiple images in one invocation
- Bug fixes in KMS keypair generation
- Bug fixes in key type parsing
- Dan Lorenc
- Priya Wadhwa
- Ivan Font
- Depandabot!
- Mark Bestavros
- Jake Sanders
- Carlos Tadeu Panato Junior
This is the second release of cosign
!
We still expect many flags, commands, and formats to change going forward, but we're getting closer. No backwards compatiblity is promised or implied.
- The password for private keys can now be passed via the
COSIGN_PASSWORD
- KMS keys can now be used to sign and verify blobs
- The
version
command can now be used to return the release version - The
public-key
command can now be used to extract the public key from KMS or a private key - The
COSIGN_REPOSITORY
environment variable can be used to store signatures in an alternate location - Tons of new EXAMPLES in our help text
- Improved error messages for command line flag verification
- TONS more unit and integration testing
- Too many others to count :)
We would love to thank the contributors:
- Dan Lorenc
- Priya Wadhwa
- Ahmet Alp Balkan
- Naveen Srinivasan
- Chris Norman
- Jon Johnson
- Kim Lewandowski
- Luke Hinds
- Bob Callaway
- Dan POP
- eminks
- Mark Bestavros
- Jake Sanders
This is the first release of cosign
!
The main goal of this release is to release something we can start using to sign other releases of sigstore projects, including cosign
itself.
We expect many flags, commands, and formats to change going forward. No backwards compatiblity is promised or implied.
This release added a feature to cosign
called cosign
.
The cosign
feature can be used to sign container images and blobs.
Detailed documentation can be found in the README and the Detailed Usage.
There was no way to sign container images. Now there is!
We would love to thank the contributors:
- dlorenc
- priyawadhwa
- Ahmet Alp Balkan
- Ivan Font
- Jason Hall
- Chris Norman
- Jon Johnson
- Kim Lewandowski
- Luke Hinds
- Bob Callaway