Skip to content

v2.0.0-rc.3

Pre-release
Pre-release
Compare
Choose a tag to compare
@sigstore-bot sigstore-bot released this 16 Feb 19:57
· 824 commits to main since this release
v2.0.0-rc.3
5d2964c
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

v2.0.0-rc.3

Note: this is a prerelease for Cosign 2.0! Feel free to try it out, but know there are many breaking changes from 1.0 and the prereleases may continue to change.

Installation

go install github.com/sigstore/cosign/v2/cmd/[email protected]

Enhancements

  • Support non-Sigstore TSA requests (#2708)
  • Add COSIGN_OCI_EXPERIMENTAL, push .sig/.sbom using OCI 1.1+ digest tag (#2684)
  • Output certificate in bundle when entry is not uploaded to Rekor (#2715)
  • attach signature and attach sbom must use STDIN to upload raw string (#2637)

Bug Fixes

  • Fix: Add missing schemes to cosign predicate types. (#2717)
  • Fix: Drop the CosignPredicate wrapper around SBOM attestations. (#2718)

Documentation

  • Adds deprecation note for keyless docs (#2716)
Assets 136
Loading