UNCLASSIFIED - NO CUI

Added documentation for pulling and parsing image attestations from registry1

Michael Simmons requested to merge 666-cosign-docs into master

Merge Request Description

Merge Request BOE

Risk

Rollback Plan

Testing

We tested this locally by creating a .sh file from the script in the documentation and downloading the attestations for harbor-ib-zelda.staging.dso.mil/ironbank/opensource/thanos/thanos@sha256:a742c6d48a539163d7ccc7ee53ac114cd70cd92cedeb88956f7462dabb704bb4. It created the following four files:

  • spdx.json (spdx sbom)
  • cyclonedx.json (cyclonedx sbom)
  • hardening_manifest.json (LICENSE/README/hardening_manifest)
  • vat_response.json (VAT response)

Closes #666 (closed)

Edited by Tim Seagren
