feat: generate/upload sbom for cosign projects #1237
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
developer-guy
force-pushed
the
feature/1202
branch
from
3aa6de6 to
f2d5299
Compare
imjasonh
reviewed
Dec 21, 2021
| - uses: imjasonh/setup-ko@v0.4 | ||
| with: | ||
| version: tip | ||
| - uses: imjasonh/setup-ko@main |
There was a problem hiding this comment.
This should still only install the latest release by default. If it doesn't that's a bug.
There was a problem hiding this comment.
what should I need to do exactly?
There was a problem hiding this comment.
Suggested change
| - uses: imjasonh/setup-ko@main | |
| - uses: imjasonh/setup-ko@main | |
| with: | |
| version: tip |
|
Is the vuln stuff supposed to be in here? |
developer-guy
force-pushed
the
feature/1202
branch
from
f2d5299 to
fea53dd
Compare
it is my bad, it should be okay right now. |
developer-guy
force-pushed
the
feature/1202
branch
from
fea53dd to
7e92549
Compare
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> Co-authored-by: Furkan Türkal <furkan.turkal@trendyol.com> Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
developer-guy
force-pushed
the
feature/1202
branch
from
7e92549 to
0cf9af1
Compare
|
okay, it seems that it should be ready to merge @dlorenc If I didn't miss anything |
imjasonh
approved these changes
Dec 21, 2021
dlorenc
approved these changes
Dec 22, 2021
bmwiedemann
pushed a commit
to bmwiedemann/openSUSE
that referenced
this pull request
Jan 25, 2022
https://build.opensuse.org/request/show/949015 by user msmeissn + dimstar_suse - updated to 1.5.0 ## Highlights * enable sbom generation when releasing (sigstore/cosign#1261) * feat: log error to stderr (sigstore/cosign#1260) * feat: support attach attestation (sigstore/cosign#1253) * feat: resolve --cert from URL (sigstore/cosign#1245) * feat: generate/upload sbom for cosign projects (sigstore/cosign#1237) * feat: vuln attest support (sigstore/cosign#1168) * feat: add ambient credential detection with spiffe/spire (sigstore/cosign#1220) * feat: generate/upload sbom for cosign projects (sigstore/cosign#1236) * feat: implement cosign download attestation (https
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Signed-off-by: Batuhan Apaydın batuhan.apaydin@trendyol.com
Summary
feat: generate/upload sbom for cosign projects
Ticket Link
Fixes #959
Release Note