dd8a687f46
- Update to version 3.0.3:
  * 4554: Closes 4554 - Add warning when --output* is used (#4556)
  * chore(deps): bump golangci/golangci-lint-action from 8.0.0 to 9.1.0 (#4545)
  * chore(deps): bump github.com/buildkite/agent/v3 from 3.111.0 to 3.113.0 (#4542)
  * chore(deps): bump github.com/awslabs/amazon-ecr-credential-helper/ecr-login (#4543)
  * chore(deps): bump actions/checkout from 5.0.0 to 6.0.0 (#4546)
  * chore(deps): bump the actions group with 4 updates (#4544)
  * chore(deps): bump the gomod group across 1 directory with 5 updates (#4567)
  * chore(deps): bump golang from 1.25.4 to 1.25.5 in the all group (#4568)
  * update builder to use go1.25.5 (#4566)
  * Protobuf bundle support for subcommand clean (#4539)
  * Add staging flag to initialize with staging TUF metadata
  * update slack invite link (#4560)
  * Updating sign-blob to also support signing with a certificate (#4547)
  * Bump sigstore library dependencies (#4532)
  * Protobuf bundle support for subcommands save and load (#4538)
  * Fix cert attachment for new bundle with signing config
  * Fix OCI verification with local cert - old bundle
  * chore(deps): bump github.com/sigstore/fulcio from 1.7.1 to 1.8.1 (#4519)
  * chore(deps): bump golang.org/x/crypto in /test/fakeoidc (#4535)
  * chore(deps): bump golang.org/x/crypto from 0.43.0 to 0.45.0 (#4536)
  * update go builder and cosign (#4529)
  * chore(deps): bump the gomod group across 1 directory with 7 updates (#4528)
  * chore(deps): bump sigstore/cosign-installer from 3.10.0 to 4.0.0 (#4478)
  * chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4520)
  * chore(deps): bump golang from 1.25.3 to 1.25.4 in the all group (#4515)
  * chore(deps): bump golang.org/x/oauth2 from 0.32.0 to 0.33.0 (#4518)
  * chore(deps): bump cuelang.org/go from 0.14.2 to 0.15.0 (#4524)
  * chore(deps): bump github.com/open-policy-agent/opa from 1.9.0 to 1.10.1 (#4521)
  * chore(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (#4502)
Marcus Meissner 2025-12-20 13:56:49 +00:00
89206174bb
Accepting request 1305829 from security
Ana Guerrero 2025-09-18 19:12:18 +00:00
4215a03741
- Update to version 2.6.0:
  - Require exclusively a SigningConfig or service URLs when signing (#4403)
  - Add a terminal spinner while signing with sigstore-go (#4402)
  - Bump sigstore-go, support alternative hash algorithms with keys (#4386)
  - Add support for SigningConfig in sign/attest (#4371)
  - Support self-managed keys when signing with sigstore-go (#4368)
  - Remove SHA256 assumption in sign-blob/verify-blob (#4050)
  - introduce dockerfile to pin the go version to decouple go version from go.mod (#4369)
  - refactor: extract function to write referrer attestations (#4357)
  - Break import cycle with e2e build tag (#4370)
  - Update conformance test binary for signing config (#4367)
  - update builder image to use go1.25 (#4366)
  - Don't load content from TUF if trusted root path is specified (#4347)
  - Don't require timestamps when verifying with a key (#4337)
  - Fixes to cosign sign / verify for the new bundle format (#4346)
  - update builder to use go1.24.6 (#4334)
  - bump golangci-lint to v2.3.x (#4333)
  - Have cosign sign support bundle format (#4316)
  - Add support for SigningConfig for sign-blob/attest-blob, support Rekor v2 (#4319)
  - Verify subject with bundle only when checking claims (#4320)
  - Add to attest-blob the ability to supply a complete in-toto statement, and add to verify-blob-attestation the ability to verify with just a digest (#4306)
Marcus Meissner 2025-09-18 13:50:01 +00:00
7c999b79a8
Accepting request 1294392 from security
Ana Guerrero 2025-07-18 14:00:30 +00:00
eeb208e500
Accepting request 1294385 from home:msmeissn:branches:security
Marcus Meissner 2025-07-18 13:20:46 +00:00
8a1466b7cb
Accepting request 1294378 from home:msmeissn:branches:security
Marcus Meissner 2025-07-18 12:41:48 +00:00
a2684e2f39
Accepting request 1268968 from security
Ana Guerrero 2025-04-14 10:58:14 +00:00
a0a4ed15ea
- Update to version 2.5.0:
  * Update sigstore-go to pick up bug fixes (#4150)
  * Update golangci-lint to v2, update golangci-lint-action (#4143)
  * Feat/non filename completions (#4115)
  * update builder to use go1.24.1 (#4116)
  * Add support for new bundle specification for attesting/verifying OCI image attestations (#3889)
  * Remove cert log line (#4113)
  * cmd/cosign/cli: fix typo in ignoreTLogMessage (#4111)
  * bump to latest scaffolding release for testing (#4099)
  * increase 2e2_test docker compose timeout to 180s (#4091)
  * Fix replace with compliant image mediatype (#4077)
  * Add TSA certificate related flags and fields for cosign attest (#4079)
- Security issues fixed:
  - CVE-2024-6104: cosign: hashicorp/go-retryablehttp: url might write sensitive information to log file (bsc#1227031)
  - CVE-2024-51744: cosign: github.com/golang-jwt/jwt/v4: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt (bsc#1232985)
  - CVE-2025-27144: cosign: github.com/go-jose/go-jose/v4,github.com/go-jose/go-jose/v3: Go JOSE's Parsing Vulnerable to Denial of Service (bsc#1237682)
  - CVE-2025-22870: cosign: golang.org/x/net/proxy: proxy bypass using IPv6 zone IDs (bsc#1238693)
  - CVE-2025-22868: cosign: golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2 (bsc#1239204)
  - CVE-2025-22869: cosign: golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239337)
Marcus Meissner 2025-04-13 12:01:43 +00:00
6414a1b6ee
Accepting request 1247439 from security
Ana Guerrero 2025-02-20 18:46:40 +00:00
eee335c9ac
- Update to version 2.4.3:
  * Enable fetching signatures without remote get. (#4047)
  * Bump sigstore/sigstore to support KMS plugins (#4073)
  * sort properly Go imports (#4071)
  * sync comment with parameter name in function signature (#4063)
  * fix go imports order to be alphabetical (#4062)
  * fix comment typo and imports order (#4061)
  * Feat/file flag completion improvements (#4028)
  * Update builder to use go1.23.6 (#4052)
  * Refactor verifyNewBundle into library function (#4013)
  * fix parsing error in --only for cosign copy (#4049)
  * Fix codeowners syntax, add dep-maintainers (#4046)
Marcus Meissner 2025-02-20 15:03:42 +00:00
3679b912a8
Accepting request 1245604 from security
Ana Guerrero 2025-02-13 17:39:53 +00:00
3651d47311
Accepting request 1243310 from home:msmeissn:branches:security
Marcus Meissner 2025-02-05 10:56:07 +00:00
bd0002cd20
Accepting request 1205246 from security
Ana Guerrero 2024-10-02 19:36:15 +00:00
e8175d55ec
- update to 2.4.0 (jsc#SLE-23879)
  - Add new bundle support to verify-blob and verify-blob-attestation (#3796)
  - Adding protobuf bundle support to sign-blob and attest-blob (#3752)
  - Bump sigstore/sigstore to support email_verified as string or boolean (#3819)
  - Conformance testing for cosign (#3806)
  - move incremental builds per commit to GHCR instead of GCR (#3808)
  - Add support for recording creation timestamp for cosign attest (#3797)
  - Include SCT verification failure details in error message (#3799)
Marcus Meissner 2024-10-02 15:37:31 +00:00
35e47c5ba0
- update to 2.3.0 (jsc#SLE-23879)
  * Features
    - Add PayloadProvider interface to decouple AttestationToPayloadJSON from oci.Signature interface (#3693)
    - add registry options to cosign save (#3645)
    - Add debug providers command. (#3728)
    - Make config layers in ociremote mountable (#3741)
    - adds tsa cert chain check for env var or tuf targets. (#3600)
    - add --ca-roots and --ca-intermediates flags to 'cosign verify' (#3464)
    - add handling of keyless verification for all verify commands (#3761)
  * Bug Fixes
    - fix: close attestationFile (#3679)
    - Set bundleVerified to true after Rekor verification (Resolves#3740) (#3745)
  * Documentation
    - Document ImportKeyPair and LoadPrivateKey functions in pkg/cosign (#3776)
Marcus Meissner 2024-07-24 16:03:08 +00:00
9c8c1c63a2
Accepting request 1178146 from security
Ana Guerrero 2024-06-03 15:43:45 +00:00
25bf8d2277
Accepting request 1177857 from home:ojkastl_buildservice:Branch_security
Marcus Meissner 2024-06-02 10:00:49 +00:00
71b8647167
Accepting request 1167811 from security
Ana Guerrero 2024-04-15 18:18:42 +00:00
9cd75b0fbb
Accepting request 1167810 from home:msmeissn:branches:security
Marcus Meissner 2024-04-15 12:57:10 +00:00
1f43b94b0b
Accepting request 1143630 from security
Ana Guerrero 2024-02-02 14:48:10 +00:00
0cf17ddda3
Accepting request 1143629 from home:msmeissn:branches:security
Marcus Meissner 2024-02-02 12:29:03 +00:00