-
Cosign supports the v0.2 SLSA predicate through the `--type slsaprovenance` flag on the `attest` and `attest-blob` commands. SLSA 1.0 Release Candidate 1 (RC1) is out and RC2 should be coming out toda…
-
**Describe the bug**
image-provenance build failure in final step without any specific details
**To Reproduce**
Please visit
1. Go to 'https://github.com/CHESSComputing/MetaData/actions'
2. Cl…
-
@asraa Would it be possible for cosign to be modified to allow it to attest multiple images with a single predicate?
For knative, I build multiple images with ko but I need to attach a sing…
-
We'd like to have the ingestion of deps.dev more efficient. Today, we make a large number of calls to deps.dev in order to get the data we need. Some of this probably are duplicates or redundant.
…
-
Recently, Docker BuildKit announced that [SLSA provenance](https://slsa.dev/provenance/v0.2) would start being supported in the newer version [v0.11.0-rc1](https://github.com/moby/buildkit/releases/ta…
-
Originally posted by @mchmarny
https://github.com/slsa-framework/slsa-github-generator/issues/1257#issuecomment-1384431361
-----
This appears to be also failing against Artifact Registry (full …
-
# Bug Report
The `sample-pipeline` example fails canary deploy when not using local registry.
## Current Behavior
The `picalc` pod never attempts to start in the `prod` namespace.
## Expec…
-
Getting this error at main
```
$ ./slsa-verifier verify-image us-west2-docker.pkg.dev/slsa-tooling/example-package-repo/e2e-gcb-workflow_dispatch-main-cloudbuild-slsa3@sha256:71efcbb3f03f5914dcde87e…
-
Gitlab has recently started generating [attestations for build artifacts](https://docs.gitlab.com/ee/ci/runners/configure_runners.html#artifact-attestation). The attestation format is the standard int…
-
**Description**
Hi
I'm doing provenance generation for knative and I'm seeing bugs with `cosign attest`
https://github.com/knative/test-infra/issues/3440
```
COSIGN_EXPERIMENTAL=1 cos…