-
**Is your feature request related to a problem? Please describe.**
With Helm v3.8.0, the OCI support became [GA](https://helm.sh/docs/topics/registries), which is a good chance to start publishing …
-
**Is your feature request related to a problem? Please describe.**
[Cosign](https://github.com/sigstore/cosign) has a safe way for storing encrypted private keys inside of repositories. They identify…
-
**Environmental Info:**
- Linux 4.18.0-425.3.1.el8.x86_64 #1 SMP Fri Sep 30 11:45:06 EDT 2022 x86_64 x86_64 x86_64 GNU/Linux
**Hauler Version:**
- GitVersion: 1.0.3
- GitCommit:…
-
With new ko release, it creates and pushes an SBOM file by default. [^1] We can also pass a new flag called `--sbom-sign ` to sign before publishing it. In the [SBOM push stage](https://github.com/goo…
-
**Description**
Hey, everyone!
I have a need for static key storage without using transit encryption.
Is there any method to force cosign to use the signing key just from the KV storage?
co…
-
**Is this RFE related to an Existing Problem? If so, please describe:**
- In unstable networks, there is no retry mechanism when pushing or pulling images.
**Describe Proposed Solution(s…
-
### Is your feature request related to a problem? Please describe.
**As** Ezra **I want** to validate cosign signatures on `zarf package create` so that I can have confidence that they will work corr…
-
**Tell us about your request**
It would be helpful to support sigstore/cosign to verify official images from Docker. This could be done in addition to other signing solutions to give users the flexib…
-
Hi Team,
We're encountering **intermittent errors** while using cosign verify in our container CICD pipelines. Where cosign verify fails, we receive the following error message:
`main.go:69: e…
-
More recent Yubikey firmwares seem to default to AES instead of 3DES for the PIV management key, which causes the key generation to fail with a nondescript error message `‼️ The default Management Ke…