Additional details on successful verification
Closed this issue · 1 comment
Today, when a manifest is successfully verified, other than a success message, nothing else is shown. Owing to the fact that there is no verbosity flag (and the K8S_MANIFEST_SIGSTORE_LOG_LEVEL=trace env var does not show this), that means it isn't possible to show anything else. For example, what was the subject, who was the issuer, any annotations, cert details, etc.? There needs to be some way to access more of this information, especially when using the public Rekor instance and keyless signing.
Sorry for no response on this issue, but after several updates, k8s-manifest-sigstore supports verification with some cosign details like issuer, Rekor URL and so on (link).
This does not expose details in the console, but users can use this feature to specify certs that should be allowed.
Let me close this now.