-
-
This is part of Sigstore bundle support: we currently only support "raw" signatures, while some users of Sigstore may chose to use enveloped DSSE-style signatures.
From protobuf-specs:
```proto
…
-
### What happened?
"Merger of the Week" @mrfh92 reports that the Scorecard analysis workflow [fails on `main`](https://github.com/helmholtz-analytics/heat/actions/runs/8418158944/job/23048080154) af…
-
@dimitri I see the following post-merge tests are failing since last week,
https://github.com/di…
-
**Description**
The primary change is the addition of the `certificate` field to be used when issuing bundles verified with the public good instance. This removes the ambiguity when dealing wit…
-
**Description**
When invoking "cosign verify-blob" or "cosign verify" with local certificate and chain, the cli always asks for cert identity and oidc provider.
```
Error: --certificate-identity…
-
**Description**
At Trail of Bits, we're looking at implementing part of the [Configurable Crypto Algorithms](https://docs.google.com/document/d/1-wF1t6lmJO37BzStbyz8ZkDhNm86HyvKZSaDl7uyHxI) proposa…
-
Currently every resource handling references to secret differently. We should standardise it into single method which is compatible with Kubernetes API conventions ([Naming](https://github.com/kuberne…
-
Cosign supports 'ambient credential detection' for a number of environments where OIDC identities are available by default. We should also similarly support:
- [x] GitHub Actions (#59)
- [x] Googl…
-
Right now, we have kind of hybrid CRD structure. You have two options how to deploy:
1) You can create [securesign](https://github.com/securesign/secure-sign-operator/blob/main/api/v1alpha1/secures…