attest

Author	SHA1	Message	Date
Joel Kamp	e06d8736df	Merge pull request #182 from docker/dependabot/go_modules/github.com/aws/aws-sdk-go-v2/config-1.27.39 feat(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.27.38 to 1.27.39 v0.6.4	2024-10-01 16:02:00 -05:00
Joel Kamp	fcf98ebc3f	Merge branch 'main' into dependabot/go_modules/github.com/aws/aws-sdk-go-v2/config-1.27.39	2024-10-01 15:46:46 -05:00
Joel Kamp	acd8d427a1	Merge pull request #185 from docker/dependabot/go_modules/github.com/open-policy-agent/opa-0.69.0 feat(deps): bump github.com/open-policy-agent/opa from 0.68.0 to 0.69.0	2024-10-01 15:46:34 -05:00
Joel Kamp	f2f13933df	Merge branch 'main' into dependabot/go_modules/github.com/open-policy-agent/opa-0.69.0	2024-10-01 15:42:13 -05:00
Joel Kamp	503410bb7b	Merge pull request #184 from docker/dependabot/go_modules/github.com/theupdateframework/go-tuf/v2-2.0.1 feat(deps): bump github.com/theupdateframework/go-tuf/v2 from 2.0.0 to 2.0.1	2024-10-01 15:41:54 -05:00
dependabot[bot]	ac04e8a9ea	feat(deps): bump github.com/open-policy-agent/opa from 0.68.0 to 0.69.0 Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 0.68.0 to 0.69.0. - [Release notes](https://github.com/open-policy-agent/opa/releases) - [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-policy-agent/opa/compare/v0.68.0...v0.69.0) --- updated-dependencies: - dependency-name: github.com/open-policy-agent/opa dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2024-10-01 08:30:48 +00:00
dependabot[bot]	e3927acf17	feat(deps): bump github.com/theupdateframework/go-tuf/v2 Bumps [github.com/theupdateframework/go-tuf/v2](https://github.com/theupdateframework/go-tuf) from 2.0.0 to 2.0.1. - [Release notes](https://github.com/theupdateframework/go-tuf/releases) - [Changelog](https://github.com/theupdateframework/go-tuf/blob/master/.goreleaser.yaml) - [Commits](https://github.com/theupdateframework/go-tuf/compare/v2.0.0...v2.0.1) --- updated-dependencies: - dependency-name: github.com/theupdateframework/go-tuf/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2024-10-01 08:30:33 +00:00
James Carnegie	c0510fb76c	Support images as well as indexes in ImageDetailResolvers (#183 ) * build: Generate test data for unsigned and no provenance image indexes * feat: Add function to build index without SBOM or provenance for linux/amd64 platform * feat: add build_image function to build image without SBOM or provenance for linux/amd64 * feat: Rename NO_SBOM_NO_PROVENANCE_INDEX_DIR to UNSIGNED_IMAGE_DIR * feat: support images in details resolvers v0.6.3	2024-09-30 20:53:13 +01:00
dependabot[bot]	251506fd9b	feat(deps): bump github.com/aws/aws-sdk-go-v2/config Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.27.38 to 1.27.39. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.38...config/v1.27.39) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/config dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2024-09-30 08:47:36 +00:00
dependabot[bot]	5e16b97e02	feat(deps): bump google.golang.org/api from 0.198.0 to 0.199.0 (#181 ) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.198.0 to 0.199.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.198.0...v0.199.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> v0.6.2	2024-09-27 15:11:28 +01:00
dependabot[bot]	0ff28b2deb	feat(deps): bump github.com/aws/aws-sdk-go-v2/config (#180 ) Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.27.35 to 1.27.38. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.35...config/v1.27.38) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/config dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-09-27 15:05:53 +01:00
Jonny Stoten	4ca962b70c	Add function for parsing DOI definition files (#172 ) Add a Rego builtin called `attest.internals.parse_library_definition` for parsing the DOI definition files in https://github.com/docker-library/official-images/tree/master/library. This will allow us to verify DOI provenance fields against these files which are the source of truth for DOI images. This function just defers to https://github.com/docker-library/bashbrew/blob/master/manifest/rfc2822.go.	2024-09-27 12:32:24 +01:00
Joel Kamp	2a4bef091e	Merge pull request #179 from docker/fix-sign-unsigned-statements fix: only sign statements	2024-09-26 10:02:41 -05:00
mrjoelkamp	bb0843cd51	fix: only sign statements	2024-09-24 15:12:46 -05:00
David Dooling	203577e965	Remove long-term aspiration from README (#174 )	2024-09-20 09:06:02 -05:00
James Carnegie	a98604bdd5	chore: add rekor prod TUF system test (#176 )	2024-09-20 11:02:36 +01:00
dependabot[bot]	02b8063d71	feat(deps): bump google.golang.org/api from 0.197.0 to 0.198.0 (#175 ) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.197.0 to 0.198.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.197.0...v0.198.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-09-20 10:01:47 +01:00
Joel Kamp	dcf5c578dd	Merge pull request #173 from docker/feat-support-containerd-subject-annotations feat: support containerd subject annotations v0.6.1	2024-09-19 16:03:32 -05:00
mrjoelkamp	0378c94226	test: make test layouts smaller	2024-09-19 15:36:20 -05:00
mrjoelkamp	fd4e741a1f	feat: support containerd subject annotations	2024-09-19 15:10:56 -05:00
James Carnegie	2ace988b1c	chore: add test for RegoFnOpts (#171 ) v0.6.0	2024-09-19 13:54:10 +01:00
dependabot[bot]	be7a17f214	feat(deps): bump github.com/sigstore/sigstore from 1.8.8 to 1.8.9 (#169 ) Bumps [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) from 1.8.8 to 1.8.9. - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.8.8...v1.8.9) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-09-19 11:24:30 +01:00
dependabot[bot]	1a49b5c068	chore(deps): bump actions/create-github-app-token from 1.10.4 to 1.11.0 (#164 ) Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token) from 1.10.4 to 1.11.0. - [Release notes](https://github.com/actions/create-github-app-token/releases) - [Commits](`3378cda945...5d869da34e`) --- updated-dependencies: - dependency-name: actions/create-github-app-token dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-09-19 11:18:57 +01:00
James Carnegie	3e82338649	refactor: remove explicit closures. expose rego fns (#170 )	2024-09-19 11:04:00 +01:00
James Carnegie	4a70e5ae36	Add platform filtering support to mapping.yml (#167 ) * chore!: rename package config -> mapping * feat: add platform filtering support to mapping.yml	2024-09-18 21:11:55 +01:00
James Carnegie	05caa959c4	Use a Factory to create signature verifiers at policy evaluation time (#165 ) * Make verifiers composable * fix: remove unused code and improve signature verification logic * fix: simplify abstractions and renamed some things * fix: improve tl interface. * fix: sort out signer/verifier	2024-09-18 13:34:10 +01:00
dependabot[bot]	5335a56da1	feat(deps): bump github.com/aws/aws-sdk-go-v2/config (#168 ) Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.27.33 to 1.27.35. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.33...config/v1.27.35) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/config dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-09-18 09:43:50 +01:00
Jonny Stoten	7fffbf9d3f	Suppress logs from ecr credential helper (#163 ) This gets rid of those annoying logs like: ``` time="2024-09-11T15:22:04Z" level=error msg="Error parsing the serverURL" error="docker-credential-ecr-login can only be used with Amazon Elastic Container Registry." serverURL="localhost:5000" time="2024-09-11T15:22:04Z" level=error msg="Error parsing the serverURL" error="docker-credential-ecr-login can only be used with Amazon Elastic Container Registry." serverURL="localhost:5000" time="2024-09-11T15:22:04Z" level=error msg="Error parsing the serverURL" error="docker-credential-ecr-login can only be used with Amazon Elastic Container Registry." serverURL="localhost:5000" time="2024-09-11T15:22:04Z" level=error msg="Error parsing the serverURL" error="docker-credential-ecr-login can only be used with Amazon Elastic Container Registry." serverURL="localhost:5000" ``` v0.5.2	2024-09-11 16:36:28 +01:00
dependabot[bot]	070fa33d0d	feat(deps): bump google.golang.org/api from 0.196.0 to 0.197.0 (#162 ) Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.196.0 to 0.197.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.196.0...v0.197.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-09-11 12:27:09 +01:00
Jonny Stoten	602295492f	fix: regexes for autolabeler (#160 ) * Fix regexes for autolabeler * Remove branch autolabeler rules	2024-09-10 21:02:05 +01:00
Jonny Stoten	6edcc3d5d7	Test on Go 1.23 as well (#161 )	2024-09-10 17:40:43 +01:00
Jonny Stoten	c029bcfbaa	feat: add a prefix path to TUF client (#159 ) This is to allow us to store new policy files in the production TUF repository under a testing delegation, and for clients to opt-in to using this testing delegation when retrieving policy from TUF. If the prefix path is set, it is prepended to every target path on download with path.Join. For example, if the prefix path is testing and we download the target a/b, the TUF client with actually download testing/a/b. Also get the latest testdata from tuf-dev.	2024-09-10 17:40:20 +01:00
James Carnegie	206b33c5d9	fix: expose version and user agent to consumers (#158 ) v0.5.1	2024-09-09 12:08:01 -05:00
James Carnegie	b4e6767cc6	feature!: support for setting HTTP User-Agent header (#157 ) * feature!: support for setting HTTP User-Agent header * fix lint * fix e2e * refactor: move http.go to internal/util/useragent package and rename functions to Get and Set * Move packages and use attest version v0.5.0	2024-09-09 14:22:17 +01:00
James Carnegie	ed0ae8ecf6	fix: verify mapped image name against subjects (#156 ) * fix: verify mapped image name against subjects v0.4.4	2024-09-05 08:08:55 -05:00
Joel Kamp	a363be7f3a	Merge pull request #150 from docker/dependabot/go_modules/google.golang.org/api-0.196.0 feat(deps): bump google.golang.org/api from 0.195.0 to 0.196.0 v0.4.3	2024-09-04 16:47:27 -05:00
dependabot[bot]	99846a3483	feat(deps): bump google.golang.org/api from 0.195.0 to 0.196.0 Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.195.0 to 0.196.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.195.0...v0.196.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2024-09-04 21:43:32 +00:00
Joel Kamp	f760b12bb2	Merge pull request #151 from docker/dependabot/go_modules/github.com/sigstore/sigstore/pkg/signature/kms/gcp-1.8.9 feat(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.8.8 to 1.8.9	2024-09-04 16:41:22 -05:00
Joel Kamp	bab474669f	Merge pull request #155 from docker/dependabot/go_modules/github.com/aws/aws-sdk-go-v2/config-1.27.33 feat(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.27.31 to 1.27.33	2024-09-04 16:40:18 -05:00
dependabot[bot]	0705a71115	feat(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp Bumps [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore) from 1.8.8 to 1.8.9. - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.8.8...v1.8.9) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2024-09-04 21:37:46 +00:00
dependabot[bot]	b00e02af01	feat(deps): bump github.com/aws/aws-sdk-go-v2/config Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.27.31 to 1.27.33. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.31...config/v1.27.33) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/config dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2024-09-04 21:36:36 +00:00
Joel Kamp	ff53657cc9	Merge pull request #153 from docker/dependabot/github_actions/actions/create-github-app-token-1.10.4 chore(deps): bump actions/create-github-app-token from 1.10.3 to 1.10.4	2024-09-04 16:34:38 -05:00
Joel Kamp	c8383f3f5a	Merge pull request #149 from docker/dependabot/go_modules/github.com/sigstore/sigstore/pkg/signature/kms/aws-1.8.9 feat(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.8.8 to 1.8.9	2024-09-04 16:33:50 -05:00
Joel Kamp	dc247bd348	Merge pull request #143 from docker/dependabot/go_modules/github.com/open-policy-agent/opa-0.68.0 feat(deps): bump github.com/open-policy-agent/opa from 0.67.1 to 0.68.0	2024-09-04 16:33:28 -05:00
Joel Kamp	ce7d173150	Merge pull request #154 from docker/feat--add-slsa-v1-predicate-type feat: add slsa v1 predicate type	2024-09-04 16:32:21 -05:00
mrjoelkamp	fb69d9a09b	feat: add slsa v1 predicate type	2024-09-04 16:15:56 -05:00
James Carnegie	48e58a9115	Verify input image/platform against attestation subjects before passing to rego (#148 ) * feat: verify subjects before passing to rego	2024-09-04 10:20:00 +01:00
dependabot[bot]	bfacaf1de0	chore(deps): bump actions/create-github-app-token from 1.10.3 to 1.10.4 Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token) from 1.10.3 to 1.10.4. - [Release notes](https://github.com/actions/create-github-app-token/releases) - [Commits](`31c86eb3b3...3378cda945`) --- updated-dependencies: - dependency-name: actions/create-github-app-token dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2024-09-04 08:46:09 +00:00
dependabot[bot]	67ad27ac22	feat(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws Bumps [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore) from 1.8.8 to 1.8.9. - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](https://github.com/sigstore/sigstore/compare/v1.8.8...v1.8.9) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2024-09-04 08:41:30 +00:00
James Carnegie	41847ef238	fix: escape ! remove .* (global match) (#146 )	2024-09-03 12:24:26 +01:00

1 2 3 4 5 ...

304 Commits