slsa-framework / slsa-verifier

Verify provenance from SLSA compliant builders
Apache License 2.0

feat: Add cosign registry opts for provenance registry #729

Closed saisatishkarra closed 9 months ago

saisatishkarra commented 9 months ago

triggered on specification of COSIGN_REPOSITORY env

saisatishkarra commented 9 months ago

see comment

laurentsimon commented 9 months ago

Thanks. Let me know if you're OK with my latest comment https://github.com/slsa-framework/slsa-github-generator/issues/3024#issuecomment-1875722666

saisatishkarra commented 9 months ago

> Thanks. Let me know if you're OK with my latest comment slsa-framework/slsa-github-generator#3024 (comment)

Sounds good to me!! Let's get this merged and tested out against e2e in the main!! That should support the feature in the first place. As a second iteration we could add an explicit variable in the verifier alongside the environment variable.