We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support changing slsa-verifier's command line options.
https://aquaproj.github.io/docs/reference/registry-config/slsa-provenance/
Some packages don't support --source-tag.
--source-tag
Currently, options are static.
aqua/pkg/slsa/exec.go
Lines 73 to 82 in 70f84d6
No response
If --source-tag isn't supported, we need to disable slsa_provenance, but this isn't desirable.
slsa_provenance
registry.yaml
slsa_provenance: opts: - --source-uri - https://github.com/<foo>/<bar> - --source-tag - {{.Version}}
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Feature Overview
Support changing slsa-verifier's command line options.
https://aquaproj.github.io/docs/reference/registry-config/slsa-provenance/
Why is the feature needed?
Some packages don't support
--source-tag
.--source-tag
xeol-io/xeol#210Currently, options are static.
aqua/pkg/slsa/exec.go
Lines 73 to 82 in 70f84d6
How to reproduce the issue
No response
Workaround
If
--source-tag
isn't supported, we need to disableslsa_provenance
, but this isn't desirable.Example Code
registry.yaml
Reference
No response
The text was updated successfully, but these errors were encountered: