docker/attest
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
336 Commits 1 Branch 35 Tags
79bbc9b55bb7478fdc07ac4ad4360d3db675f542
Commit Graph

336 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Joel Kamp
79bbc9b55b Merge pull request #198 from docker/dependabot/go_modules/github.com/sigstore/sigstore/pkg/signature/kms/aws-1.8.10 
feat(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.8.9 to 1.8.10
v0.6.7 		2024-10-17 08:31:45 -05:00
Joel Kamp
47669993c6 Merge branch 'main' into dependabot/go_modules/github.com/sigstore/sigstore/pkg/signature/kms/aws-1.8.10 2024-10-17 08:25:14 -05:00
Joel Kamp
7414fb7339 Merge pull request #199 from docker/dependabot/go_modules/github.com/sigstore/sigstore/pkg/signature/kms/gcp-1.8.10 
feat(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.8.9 to 1.8.10
 2024-10-17 08:24:47 -05:00
dependabot[bot]
0e1005d0f7 feat(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws 
Bumps [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore) from 1.8.9 to 1.8.10.
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](https://github.com/sigstore/sigstore/compare/v1.8.9...v1.8.10)

---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-17 13:18:42 +00:00
dependabot[bot]
94f69c75d2 feat(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp 
Bumps [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore) from 1.8.9 to 1.8.10.
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](https://github.com/sigstore/sigstore/compare/v1.8.9...v1.8.10)

---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-17 13:18:39 +00:00
Joel Kamp
b2e8166079 Merge pull request #200 from docker/dependabot/go_modules/github.com/sigstore/sigstore-1.8.10 
feat(deps): bump github.com/sigstore/sigstore from 1.8.9 to 1.8.10
 2024-10-17 08:16:22 -05:00
Joel Kamp
8c4ee60f50 Merge branch 'main' into dependabot/go_modules/github.com/sigstore/sigstore-1.8.10 2024-10-17 08:12:39 -05:00
mrjoelkamp
9b6234f0ae chore: go mod tidy 2024-10-17 08:12:10 -05:00
Joel Kamp
17b0978b44 Merge pull request #201 from docker/feat--add-verifier-version-to-vsa 
feat: add verifier version to vsa
 2024-10-17 08:09:17 -05:00
Joel Kamp
7ff20a9328 Merge branch 'main' into feat--add-verifier-version-to-vsa 2024-10-17 08:03:47 -05:00
James Carnegie
273b61ebd6 Merge branch 'main' into dependabot/go_modules/github.com/sigstore/sigstore-1.8.10 2024-10-17 09:36:58 +01:00
dependabot[bot]
eda0b23910 feat(deps): bump github.com/aws/aws-sdk-go-v2/config (#202) 
Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.27.43 to 1.28.0.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.43...v1.28.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-17 09:36:43 +01:00
mrjoelkamp
4a82bb9981 feat: add version checker test 2024-10-16 15:18:34 -05:00
mrjoelkamp
84c0b116a7 feat: add verifier version to vsa 2024-10-16 12:01:31 -05:00
James Carnegie
16f65fefeb Merge branch 'main' into dependabot/go_modules/github.com/sigstore/sigstore-1.8.10 2024-10-16 10:13:44 +01:00
dependabot[bot]
e39a4ea9f3 feat(deps): bump google.golang.org/api from 0.200.0 to 0.201.0 (#197) 
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.200.0 to 0.201.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.200.0...v0.201.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-16 10:13:11 +01:00
dependabot[bot]
2e4f8f79bd feat(deps): bump github.com/sigstore/sigstore from 1.8.9 to 1.8.10 
Bumps [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) from 1.8.9 to 1.8.10.
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](https://github.com/sigstore/sigstore/compare/v1.8.9...v1.8.10)

---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-16 09:03:50 +00:00
James Carnegie
da667de610 feat: support arbitrary rego input parameters (#196) 
* feat: support arbitrary rego input parameters
v0.6.6 		2024-10-15 16:07:26 +01:00
Joel Kamp
7027d2d054 Merge pull request #188 from docker/dependabot/go_modules/github.com/sigstore/cosign/v2-2.4.1 
feat(deps): bump github.com/sigstore/cosign/v2 from 2.4.0 to 2.4.1
 2024-10-15 09:37:02 -05:00
mrjoelkamp
163c1828e3 chore: go mod tidy 2024-10-15 09:28:32 -05:00
dependabot[bot]
168a574c15 feat(deps): bump github.com/sigstore/cosign/v2 from 2.4.0 to 2.4.1 
Bumps [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) from 2.4.0 to 2.4.1.
- [Release notes](https://github.com/sigstore/cosign/releases)
- [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/cosign/compare/v2.4.0...v2.4.1)

---
updated-dependencies:
- dependency-name: github.com/sigstore/cosign/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-15 14:27:14 +00:00
Joel Kamp
ad2f8befa2 Merge pull request #195 from docker/dependabot/go_modules/google.golang.org/api-0.200.0 
feat(deps): bump google.golang.org/api from 0.199.0 to 0.200.0
 2024-10-15 08:53:56 -05:00
dependabot[bot]
8460357880 feat(deps): bump google.golang.org/api from 0.199.0 to 0.200.0 
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.199.0 to 0.200.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.199.0...v0.200.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-15 13:44:46 +00:00
Joel Kamp
994240018e Merge pull request #187 from docker/dependabot/go_modules/github.com/containerd/containerd/v2-2.0.0-rc.5 
feat(deps): bump github.com/containerd/containerd/v2 from 2.0.0-rc.4 to 2.0.0-rc.5
 2024-10-15 08:42:03 -05:00
Joel Kamp
5c51ee7c19 Merge pull request #194 from docker/dependabot/go_modules/github.com/aws/aws-sdk-go-v2/config-1.27.43 
feat(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.27.39 to 1.27.43
 2024-10-15 08:36:49 -05:00
Joel Kamp
8ae43ba5e9 Merge branch 'main' into dependabot/go_modules/github.com/containerd/containerd/v2-2.0.0-rc.5 2024-10-15 08:33:48 -05:00
dependabot[bot]
ec659e62cd feat(deps): bump github.com/aws/aws-sdk-go-v2/config 
Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.27.39 to 1.27.43.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.39...config/v1.27.43)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-09 08:42:48 +00:00
Joel Kamp
2d7f6cae3c Merge pull request #191 from docker/feat-vsa-input-attestations 
feat: vsa input attestations
 2024-10-08 08:30:06 -05:00
mrjoelkamp
a686de72fd feat: add input atts to result summary 2024-10-07 15:07:21 -05:00
mrjoelkamp
d58ce0c600 feat: add reference wrapper for envelope 2024-10-07 13:34:04 -05:00
dependabot[bot]
bf33de5b48 feat(deps): bump github.com/theupdateframework/go-tuf/v2 (#186) 
Bumps [github.com/theupdateframework/go-tuf/v2](https://github.com/theupdateframework/go-tuf) from 2.0.1 to 2.0.2.
- [Release notes](https://github.com/theupdateframework/go-tuf/releases)
- [Changelog](https://github.com/theupdateframework/go-tuf/blob/master/.goreleaser.yaml)
- [Commits](https://github.com/theupdateframework/go-tuf/compare/v2.0.1...v2.0.2)

---
updated-dependencies:
- dependency-name: github.com/theupdateframework/go-tuf/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
v0.6.5 		2024-10-02 10:05:46 +01:00
dependabot[bot]
b8ca85152d feat(deps): bump github.com/containerd/containerd/v2 
Bumps [github.com/containerd/containerd/v2](https://github.com/containerd/containerd) from 2.0.0-rc.4 to 2.0.0-rc.5.
- [Release notes](https://github.com/containerd/containerd/releases)
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md)
- [Commits](https://github.com/containerd/containerd/compare/v2.0.0-rc.4...v2.0.0-rc.5)

---
updated-dependencies:
- dependency-name: github.com/containerd/containerd/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-02 08:36:57 +00:00
Joel Kamp
e06d8736df Merge pull request #182 from docker/dependabot/go_modules/github.com/aws/aws-sdk-go-v2/config-1.27.39 
feat(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.27.38 to 1.27.39
v0.6.4 		2024-10-01 16:02:00 -05:00
Joel Kamp
fcf98ebc3f Merge branch 'main' into dependabot/go_modules/github.com/aws/aws-sdk-go-v2/config-1.27.39 2024-10-01 15:46:46 -05:00
Joel Kamp
acd8d427a1 Merge pull request #185 from docker/dependabot/go_modules/github.com/open-policy-agent/opa-0.69.0 
feat(deps): bump github.com/open-policy-agent/opa from 0.68.0 to 0.69.0
 2024-10-01 15:46:34 -05:00
Joel Kamp
f2f13933df Merge branch 'main' into dependabot/go_modules/github.com/open-policy-agent/opa-0.69.0 2024-10-01 15:42:13 -05:00
Joel Kamp
503410bb7b Merge pull request #184 from docker/dependabot/go_modules/github.com/theupdateframework/go-tuf/v2-2.0.1 
feat(deps): bump github.com/theupdateframework/go-tuf/v2 from 2.0.0 to 2.0.1
 2024-10-01 15:41:54 -05:00
dependabot[bot]
ac04e8a9ea feat(deps): bump github.com/open-policy-agent/opa from 0.68.0 to 0.69.0 
Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 0.68.0 to 0.69.0.
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-policy-agent/opa/compare/v0.68.0...v0.69.0)

---
updated-dependencies:
- dependency-name: github.com/open-policy-agent/opa
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-01 08:30:48 +00:00
dependabot[bot]
e3927acf17 feat(deps): bump github.com/theupdateframework/go-tuf/v2 
Bumps [github.com/theupdateframework/go-tuf/v2](https://github.com/theupdateframework/go-tuf) from 2.0.0 to 2.0.1.
- [Release notes](https://github.com/theupdateframework/go-tuf/releases)
- [Changelog](https://github.com/theupdateframework/go-tuf/blob/master/.goreleaser.yaml)
- [Commits](https://github.com/theupdateframework/go-tuf/compare/v2.0.0...v2.0.1)

---
updated-dependencies:
- dependency-name: github.com/theupdateframework/go-tuf/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-01 08:30:33 +00:00
James Carnegie
c0510fb76c Support images as well as indexes in ImageDetailResolvers (#183) 
* build: Generate test data for unsigned and no provenance image indexes
* feat: Add function to build index without SBOM or provenance for linux/amd64 platform
* feat: add build_image function to build image without SBOM or provenance for linux/amd64
* feat: Rename NO_SBOM_NO_PROVENANCE_INDEX_DIR to UNSIGNED_IMAGE_DIR
* feat: support images in details resolvers
v0.6.3 		2024-09-30 20:53:13 +01:00
dependabot[bot]
251506fd9b feat(deps): bump github.com/aws/aws-sdk-go-v2/config 
Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.27.38 to 1.27.39.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.38...config/v1.27.39)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-09-30 08:47:36 +00:00
dependabot[bot]
5e16b97e02 feat(deps): bump google.golang.org/api from 0.198.0 to 0.199.0 (#181) 
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.198.0 to 0.199.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.198.0...v0.199.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
v0.6.2 		2024-09-27 15:11:28 +01:00
dependabot[bot]
0ff28b2deb feat(deps): bump github.com/aws/aws-sdk-go-v2/config (#180) 
Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.27.35 to 1.27.38.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.35...config/v1.27.38)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-09-27 15:05:53 +01:00
Jonny Stoten
4ca962b70c Add function for parsing DOI definition files (#172) 
Add a Rego builtin called `attest.internals.parse_library_definition`
for parsing the DOI definition files in
https://github.com/docker-library/official-images/tree/master/library.
This will allow us to verify DOI provenance fields against these files
which are the source of truth for DOI images.

This function just defers to
https://github.com/docker-library/bashbrew/blob/master/manifest/rfc2822.go.
 2024-09-27 12:32:24 +01:00
Joel Kamp
2a4bef091e Merge pull request #179 from docker/fix-sign-unsigned-statements 
fix: only sign statements
 2024-09-26 10:02:41 -05:00
mrjoelkamp
bb0843cd51 fix: only sign statements 2024-09-24 15:12:46 -05:00
David Dooling
203577e965 Remove long-term aspiration from README (#174) 2024-09-20 09:06:02 -05:00
James Carnegie
a98604bdd5 chore: add rekor prod TUF system test (#176) 2024-09-20 11:02:36 +01:00
dependabot[bot]
02b8063d71 feat(deps): bump google.golang.org/api from 0.197.0 to 0.198.0 (#175) 
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.197.0 to 0.198.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.197.0...v0.198.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-09-20 10:01:47 +01:00
Joel Kamp
dcf5c578dd Merge pull request #173 from docker/feat-support-containerd-subject-annotations 
feat: support containerd subject annotations
v0.6.1 		2024-09-19 16:03:32 -05:00