Issues
Reconsider deprecation of SBOM attachments
#3685 opened by marklechner - 2
cosign verify with certificates requires the --certificate-identity and --certificate-oidc-issuer flags
#3671 opened by dhaus67 - 1
`cosign.VerifyImageAttestations` fails to verify attestations, returns `unable to verify bundle: matching bundle to payload: invalid kind value: "dsse"`
#3677 opened by justpolidor - 2
Cosign should check Media Type of the layer before download of the signature
#3669 opened by Mukuls77 - 2
Allow insecure registries with cosign save.
#3630 opened by bisbell-ngc - 2
Why calling v2 referrers api and including all signature layer in new signature manifest
#3659 opened by MinerYang - 0
Wrong timestamp inside signature
#3657 opened by RockRich - 15
Sigstore Bundle as OCI Artifact
#3577 opened by bdehamer - 3
Cosign / rpm integrations meta-issue
#3523 opened by lkatalin - 0
Memory Leak identified in cosign verify flow
#3642 opened by Mukuls77 - 0
Add OVHcloud Managed Registry in the README
#3638 opened by scraly - 1
Signature Verification
#3585 opened by suryabaiarava - 0
Enable annotations to be set on attestations and signatures when OCI artifacts are uploaded
#3640 opened by arewm - 4
Error: getting ctlog public keys: updating local metadata and targets: error updating to TUF remote mirror: invalid key
#3614 opened by Tim-Schwalbe - 9
generate key pair key prefix option is not working
#3620 opened by miki725 - 3
cosign sign with hashivault as KMS without transit
#3611 opened by VenutNSA - 9
The sample script for working with blobs is inaccurate
#3609 opened by arewm - 3
Cosign targets Go 1.21, but uses 1.22 only dependency `github.com/buildkite/agent/v3@v3.65.0`
#3608 opened by cardil - 1
Upgrade to latest Sigstore TUF client
#3548 opened by haydentherapper - 2
main.go:74: error during command execution: signing ... accessing image: Get "https://docker/v2/"
#3570 opened by niteeshkd - 1
Container Signing using CA Certificate
#3573 opened by suryabaiarava - 1
"cosign verify-blob" or "cosign verify" with local certificate and chain always asks for oidc provider
#3572 opened by fernandokarnagi - 0
Switch to Fulcio v2 API
#3569 opened by haydentherapper - 0
feature: 'cosign sign' add flags --ca-roots and --ca-intermediates to allow multiple CA roots
#3568 opened by dmitris - 1
verify-attestation should support --platform argument
#3552 opened by querti - 6
Mediatype for SPDX should be application/spdx+json
#3515 opened by lumjjb - 5
cosign could not import encrypted RSA or ECDSA keys?
#3512 opened by viveksahu26 - 0
ErrNoSignaturesFound should be used when there is no signature attached to an image.
#3525 opened by zhaoyonghe - 3
getting error while running e2e test locally
#3498 opened by viveksahu26 - 4
OSS security index card
#3511 opened by viveksahu26 - 2
CI tests failing on main
#3500 opened by haydentherapper - 1