Added dcoumentation for pulling and parsing image attestations from registry1 (!1021) · Merge requests · Iron Bank / ironbank-pipeline

Michael Simmons requested to merge 666-cosign-docs into master Sep 21, 2022

Merge Request Description

Merge Request BOE

Risk

Rollback Plan

Testing

We tested this locally by creating a .sh file from the script in the documentation and downloaded the attestations for harbor-ib-zelda.staging.dso.mil/ironbank/opensource/thanos/thanos@sha256:a742c6d48a539163d7ccc7ee53ac114cd70cd92cedeb88956f7462dabb704bb4 it created the following four files:

spdx.json (spdx sbom)
cyclonedx.json (cyclonedx sbom)
hardening_manifest.json (LICENSE/README/hardening_manifest)
vat_response.json (VAT response)

Closes #666 (closed)

Edited Sep 28, 2022 by Tim Seagren

Added dcoumentation for pulling and parsing image attestations from registry1

Merge Request Description

Merge Request BOE

Risk

Rollback Plan

Testing

Merge request reports