New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade Cosign to v2.0 #1665
Comments
Breaking Changes
|
Either --certificate-identity or --certificate-identity-regexp must be set for keyless flows --certificate-identity stringThe identity expected in a valid Fulcio certificate. --certificate-identity-regexp stringA regular expression alternative to --certificate-identity. |
https://twitter.com/szkdash/status/1770279982088233427 https://sigstore.slack.com/archives/C01DGF0G8U9/p1710871645742299 Probably we have to handle this issue as soon as possible because a new TUF trust root for Sigstore has been published and it isn't compatible with Cosign v1. https://blog.sigstore.dev/tuf-root-update/
Workaround: Disable Cosignhttps://aquaproj.github.io/docs/reference/security/cosign-slsa/#how-to-disable-cosign-and-slsa As a workaround, you can disable Cosign verification. |
--certificate-oidc-issuer
|
|
|
v2.25.1 is out 🎉 |
aqua/pkg/cosign/version.go
Lines 1 to 13 in d7d89dc
The text was updated successfully, but these errors were encountered: