Issues
- 0
Attaching the signature artifact to the Image artifact
#3935 opened by wieringen - 1
- 0
- 0
Warn users if fetching trusted root via TUF
#3932 opened by steiza - 7
- 2
- 5
Cosign cannot verify intoto attestations
#3926 opened by cperlman - 0
- 2
- 1
- 0
SIGNATURE_SPEC.md references USAGE.md It does so regarding offline verification using a bundle. But USAGE.md has been removed.
#3908 opened by hallyn - 0
- 0
Request to move away from `github.com/chrismellard/docker-credential-acr-env`
#3913 opened by petercanva - 0
scorecard badge goes to json api instead of the picture
#3911 opened by andy778 - 1
Allow signing local image without registry access
#3832 opened by bkabrda - 1
Ability to send the unhashed payload for signing?
#3906 opened by goatwu1993 - 2
Cosign cannot verify signatures generated with RSA keys
#3903 opened by cperlman - 1
- 1
Cosign Keyless Sign OIDC Providers
#3890 opened by alecrevangelista - 2
- 3
RFE: Support configuration to map image references to different sigstore deployments
#3873 opened by lcarva - 0
cosign doesn't take certificate for verification
#3885 opened by omkhard - 0
Installation link on README is broken
#3883 opened by sota1235 - 0
- 0
TUF client unit tests are messy and use network calls
#3878 opened by cmurphy - 2
- 0
- 3
Bundle inspection and generation utilities
#3794 opened by haydentherapper - 1
Create subcommands to help people move to trusted roots and protobuf ("new") bundles
#3855 opened by steiza - 2
- 0
- 1
CVE-2024-41110 critical on cosign
#3845 opened by LionnelC - 1
Cuelang version error with go installer
#3786 opened by arthurus-rex - 4
- 1
Allow "Issuer" and "Subject" during a verification to be the Distinguished Names "Common Name" Fields of the x509 certificates
#3835 opened by vigno88 - 1
Sign with a passkey signature
#3833 opened by gedw99 - 0
invalid PEM value error trying to validate an SBOM attestation signed with a local key pair
#3831 opened by rvillane - 1
- 0
AWS KMS Keys appear to only be able to use RSASSA_PKCS1_V1_5_SHA_256 signing algorithm
#3807 opened by trevorlinton - 1
sign: Include rekor entry ID in output
#3805 opened by stephen-fox - 0
Improve error message for failed SCT verification
#3798 opened by bkabrda - 0
- 2
Sigstore
#3787 opened by Diamondb32 - 1
- 0
feature: 'cosign verify-*' add flags --ca-roots and --ca-intermediates to allow multiple CA roots
#3759 opened by dmitris - 1
expand LoadPrivateKey in pkg/cosign to support Sigstore Encrypted EC keys ("EC PRIVATE KEY" format)
#3775 opened by dmitris - 6
`cosign` and `fulcio` disagree on proof of possession
#3777 opened by mattmoor - 4
fix golangci-lint issues in the test/ directory
#3760 opened by dmitris - 1
main.go:74: error during command execution: signing <registry>/<app>@s<digest>: PUT https://***att: MANIFEST_INVALID: manifest invalid; map[description:Could not locate artifact '***.att/manifest.json'
#3758 opened by blueacidification - 1
go 1.22 is required for developers, not go 1.19
#3763 opened by bminahan73