Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support changing slsa-verifier's options #2392

Open
suzuki-shunsuke opened this issue Oct 27, 2023 · 0 comments
Open

Support changing slsa-verifier's options #2392

suzuki-shunsuke opened this issue Oct 27, 2023 · 0 comments
Labels
enhancement New feature or request

Comments

@suzuki-shunsuke
Copy link
Member

Feature Overview

Support changing slsa-verifier's command line options.

https://aquaproj.github.io/docs/reference/registry-config/slsa-provenance/

Why is the feature needed?

Some packages don't support --source-tag.

Currently, options are static.

aqua/pkg/slsa/exec.go

Lines 73 to 82 in 70f84d6

args := []string{
"verify-artifact",
param.ArtifactPath,
"--provenance-path",
provenancePath,
"--source-uri",
param.SourceURI,
"--source-tag",
param.SourceTag,
}

How to reproduce the issue

No response

Workaround

If --source-tag isn't supported, we need to disable slsa_provenance, but this isn't desirable.

Example Code

registry.yaml

slsa_provenance:
  opts:
    - --source-uri
    - https://github.com/<foo>/<bar>
    - --source-tag
    - {{.Version}}

Reference

No response
@suzuki-shunsuke suzuki-shunsuke added the enhancement New feature or request label Oct 27, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
main
Status: Backlog
Milestone
No milestone
Development

No branches or pull requests
1 participant
@suzuki-shunsuke