-
Captured from PRs
- [x] Writes to quay.io currently (Oct 13 2022) fail with HTTP status 500
- [ ] Unit tests for #1595 , at least the config file handling
- [ ] Unit tests for #1597
- [ ] Unit t…
-
**Description**
Using `git config --global gitsign.connectorID https://github.com/login/oauth` with gitsign and then perform multiple commits can result in reaching the [secondary rate limit](https…
Fydon updated
2 months ago
-
There are a number of places where users must ask "does this signature come from X?" where X is an "identity." This is actually non-trivial to get right: you can't just ask for `user@example.com` beca…
-
Hi,
Starting with 8.8.0, the Elastic images are now [signed with Cosign Sigstore](https://www.elastic.co/guide/en/elasticsearch/reference/8.8/docker.html#docker-verify-signature) as you can see bel…
-
Checkout https://www.csoonline.com/article/3662782/sigstore-explained-how-it-helps-secure-the-software-supply-chain.html to know what Sigstore is and why it's important to use it.
For Maven, Sonaty…
-
### Summary
Hi there! I wonder if scicookie as a cookiecutter template could generate SLSA3 provenance for Python-based build artifacts (the source distribution and wheels) in the template files by d…
-
**Description**
We've created a Verifiers API in the Entries interface to abstract extracting "verifiers" - eg certificates, public keys, pgp keys, etc - from a given entry. This would simplify…
-
Hi,
I wanted to ask if the feature "Signing models" is also planned for the new Model Zoo.
The following issue contains more details for reference.
https://github.com/onnx/onnx/issues/4046
Th…
-
When I enabled k8s-image-swapper it turned out that kyverno's image signature verification is failing.
So while k8s-image-swapper works fine for pulling/pushing docker images and mutating their ref…
wosiu updated
3 weeks ago
-
Users of Taquito would like assurance that Taquito packages are secure and untampered via software supply chain attacks
**Describe the solution you'd like**
Investigate the use of [sigstore.dev …