You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Cosign Bundle Specification
Multiple formats exist to attach the attestations to a container registry. We are following the format and mechanism described by the Cosign Bundle Spec
Here is an example implementation of publishing images with their attestations via Github Actions, and for manual steps to verify the validity of the attestation.
The text was updated successfully, but these errors were encountered:
Attestations are ways to attest the provenance of the image. Here is an example of an attestation (processed by GitHub).
In our case, we want to ensure that these fields are the expected ones:
Source Repository URIRunner Environmentgithub-hostedBuild Signer URIhttps://github.com/freedomofpress/dangerzone/.github/workflows/release-container-image.yml*Note
Cosign Bundle Specification
Multiple formats exist to attach the attestations to a container registry. We are following the format and mechanism described by the Cosign Bundle Spec
Here is an example implementation of publishing images with their attestations via Github Actions, and for manual steps to verify the validity of the attestation.
The text was updated successfully, but these errors were encountered: