You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
For future improvements these are the things I think we should address:
appending signature to transparency log is the default in v2 (where it was only done for keyless in v1) and we can opt out. We should provide that option.
verify image using keyless verification with the given certificate chain and identity parameters, without Fulcio roots (for BYO PKI): cosign verify --cert-chain chain.crt --certificate-oidc-issuer https://issuer.example.com --certificate-identity [email protected] <IMAGE>
k8s-keychain, whether to use the kubernetes keychain instead of the default keychain (supports workload identity).
rekor-url, for private rekor instances
signature-digest-algorithm, the default is sha-256
There is also the topic of sbom attachement but there is different discussion for that.
Originally posted by @souleb in #1096 (comment)
The text was updated successfully, but these errors were encountered: