Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add cosign attachment signing and verification #615

Merged
merged 1 commit into from
Sep 3, 2021

Conversation

sambhav
Copy link
Contributor

@sambhav sambhav commented Sep 2, 2021

Signed-off-by: Sambhav Kothari [email protected]

Fixes #610

@sambhav sambhav force-pushed the attachment branch 4 times, most recently from 1ba0a98 to 39033f9 Compare September 3, 2021 00:02
Copy link
Member

@dlorenc dlorenc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great! One comment about the suffix.

cmd/cosign/cli/sign.go Outdated Show resolved Hide resolved
cmd/cosign/cli/verify.go Outdated Show resolved Hide resolved
cmd/cosign/cli/verify.go Outdated Show resolved Hide resolved
cmd/cosign/cli/sign.go Outdated Show resolved Hide resolved
@cpanato cpanato added this to the v1.2.0 milestone Sep 3, 2021
@sambhav sambhav marked this pull request as ready for review September 3, 2021 15:21
@dlorenc dlorenc merged commit 79fa380 into sigstore:main Sep 3, 2021
@sambhav sambhav deleted the attachment branch September 3, 2021 17:44
@ChristianCiach ChristianCiach mentioned this pull request Oct 4, 2022
ChristianCiach added a commit to ChristianCiach/cosign that referenced this pull request Oct 4, 2022
This is probably a copy/paste-mistake, since the text is the same as in https://github.com/sigstore/cosign/blob/main/cmd/cosign/cli/options/sign.go

The help text was originally added by sigstore#615

#### Release Note
NONE


Signed-off-by: ChristianCiach <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Allow sbom signing and verification during attach and download
3 participants