Feature: Add support for custom attestation predicate types #472
Comments
developer-guy
added a commit
to developer-guy/cosign
that referenced
this issue
Jul 28, 2021
Fixes sigstore#472 Signed-off-by: Batuhan Apaydın <[email protected]>
|
The documentation for the "well-known" precidates within the in-toto's attestation spec can be found by following the link: https://github.com/in-toto/attestation/blob/main/spec/README.md |
dlorenc
pushed a commit
that referenced
this issue
Jul 29, 2021
* add well-known attestation specs support to the attest command Fixes #472 Signed-off-by: Batuhan Apaydın <[email protected]> * fix lint issues, fix required json tag logic Signed-off-by: Batuhan Apaydın <[email protected]> * fix e2e test and license problems Signed-off-by: Batuhan Apaydın <[email protected]>
|
there is also another discussion going on about another type of predicate for vulnerability scans. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Right now we hardcode a specific one for cosign. We should add a flag to select a different one, and then have an index of "well-known" predicates that can be unmarshalled correctly/validated into a go struct
The text was updated successfully, but these errors were encountered: