-
**Description**
When running the `cosign attest` command with `keyless`, cosign outputs an error that's not present when running cosign locally.
```
cosign attest --identity-token eyJhbGciOiJSUzI1NiIs…
```
-
**Description**
I have an image, `quay.io/lucarval/tekton-test:914262188b`, which has been signed and attested by Tekton Chains. When using cosign 1.11.0, the `verify-attestation` command fails if …
-
**Description**
Verify-attestation's help says that type can use a URI, but I got the error when I passed a URI.
> --type string specify a predicate type (slsaprovenance|link|spdx|spdxjs…
-
Docs on how to verify provenance generated by the generic workflow with [Kyverno](https://kyverno.io/).
Kyverno docs on verifying images is here: https://kyverno.io/docs/writing-policies/verify-ima…
-
I have a GitHub build running which is building three Docker images; for each Docker image I want an attestation.intoto.jsonl file, but I am only getting one file in Artifacts. Is it due to static name and …
-
https://slsa.dev/spec/v0.1/requirements
For SLSA 1 we need to do the following:
- Build:
- ~~Scripted Build: All build steps were fully defined in some sort of “build script”. The only manual…
-
- [x] Example for generating provenance and storing in ghcr.io (#390)
- [x] Examples of policy verification with [Kyverno](https://kyverno.io/) (#389)
- [ ] Examples of policy verification with [OPA…
-
Let's make sure output is accurate and informative for GA
-
**Description**
We added this support for uploading attestation to the registries in PR #504 but we haven't added this support for verifying attestations against claims yet, so we have to add …