-
Notifications
You must be signed in to change notification settings - Fork 115
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: Switch to newer DSSE rekor type #3299
Merged
Merged
Commits on Feb 29, 2024
-
fix: Switch to newer DSSE rekor type
The intoto v001 type does not persist signatures of the DSSE envelope, as noted in sigstore/rekor#973. We introduced an intoto v002 type shortly after to fix this, but since then, we've introduced another newer type, DSSE v001, which also does not persist the attestation in Rekor (as we discourage using Rekor as storage). I also updated the verifier in slsa-framework/slsa-verifier#742 to search for both Rekor entry types. Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
Configuration menu - View commit details
-
Copy full SHA for bdeea00 - Browse repository at this point
Copy the full SHA bdeea00View commit details
Commits on Mar 5, 2024
-
Signed-off-by: Hayden B <hblauzvern@google.com>
Configuration menu - View commit details
-
Copy full SHA for 9d72468 - Browse repository at this point
Copy the full SHA 9d72468View commit details
Commits on Mar 6, 2024
-
Configuration menu - View commit details
-
Copy full SHA for e91f0bc - Browse repository at this point
Copy the full SHA e91f0bcView commit details
Commits on Mar 26, 2024
-
Merge branch 'main' into dsse-entry
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 7ec2f7f - Browse repository at this point
Copy the full SHA 7ec2f7fView commit details -
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for bbf63c1 - Browse repository at this point
Copy the full SHA bbf63c1View commit details -
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for e0093c8 - Browse repository at this point
Copy the full SHA e0093c8View commit details -
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
Configuration menu - View commit details
-
Copy full SHA for 99c25a8 - Browse repository at this point
Copy the full SHA 99c25a8View commit details -
Configuration menu - View commit details
-
Copy full SHA for 0ed5031 - Browse repository at this point
Copy the full SHA 0ed5031View commit details
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.