chainguard-dev / edu

Educational Resources for Software Supply Chain Security
https://edu.chainguard.dev

remove unsigned SBOM section from SBOM tutorial #1826

Closed imjasonh closed 1 week ago

imjasonh commented 1 week ago

Cosign complains when attaching unsigned SBOMs, and we shouldn't recommend this path when signed SBOMs are better.

WARNING: SBOM attachments are deprecated and support will be removed in a Cosign release soon after 2024-02-22 (see https://github.com/sigstore/cosign/issues/2755). Instead, please use SBOM attestations.
WARNING: Attaching SBOMs this way does not sign them. To sign them, use 'cosign attest --predicate amd_64.spdx --key <key path>'.

Type of change

deletion

What should this PR do?

remove the section about unsigned SBOMs

Why are we making this change?

we shouldn't recommend unsigned SBOMs, since Cosign complains about them, and signed SBOMs are better.

What are the acceptance criteria?

clarity and flow

How should this PR be tested?

n/a, nothing to test

netlify[bot] commented 1 week ago

Deploy Preview for ornate-narwhal-088216 ready!

Name Link
Latest commit ab96e23c82c7f0f47f2eb879ccc644172f087723
Latest deploy log https://app.netlify.com/sites/ornate-narwhal-088216/deploys/66f556d8fcb71f00088effde
Deploy Preview https://deploy-preview-1826--ornate-narwhal-088216.netlify.app