Verify the Docker Image

Code Coverage Summary uses Docker images stored on GitHub Container Registry and cryptographically signed using Sigstore.

How to Verify the Docker Image

Install sigstore/cosign.
Run: COSIGN_EXPERIMENTAL=1 cosign verify ghcr.io/irongut/codecoveragesummary:v1.3.0

Replace the version number in the command with the CCS version you want to verify.

COSIGN_EXPERIMENTAL=1 cosign verify ghcr.io/irongut/codecoveragesummary:v1.3.0

Verification for ghcr.io/irongut/codecoveragesummary:v1.3.0 --
The following checks were performed on each of these signatures:
  - The cosign claims were validated
  - Existence of the claims in the transparency log was verified offline
  - Any certificates were verified against the Fulcio roots.

In the JSON data that follows the docker-manifest-digest values should contain the hash value shown in the table below and on the Package page.

CCS Version	SHA256 Hash
v1.3.0	daebdede906ca84788b94378a1504a88d38621198d3836df24d60d6215e64a86
v1.3.0-beta	2f250007c6792c7e6384607ea65ac9b7911cffb81eb8b83946bad2139a3fe5d5

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Verify the Docker Image

How to Verify the Docker Image

Clone this wiki locally