Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: add warning when downloading a sBOM #1763

Merged
merged 1 commit into from
Apr 15, 2022

Conversation

hectorj2f
Copy link
Contributor

Signed-off-by: hectorj2f hectorf@vmware.com

Summary

This PR adds a warning to users when downloading sBOMs.In order to ensure tamper-proof sBOMs and validate its authenticity, sigstore recommends to download the attestations that include the sBOMs or validate their signatures if signed.

Related to this RFC ##1742

Ticket Link

Fixes

Release Note


Signed-off-by: hectorj2f <hectorf@vmware.com>
@hectorj2f hectorj2f self-assigned this Apr 14, 2022
@codecov-commenter
Copy link

codecov-commenter commented Apr 14, 2022

Codecov Report

Merging #1763 (38ef2b6) into main (70a3d8c) will decrease coverage by 0.00%.
The diff coverage is 0.00%.

@@            Coverage Diff             @@
##             main    #1763      +/-   ##
==========================================
- Coverage   30.59%   30.59%   -0.01%     
==========================================
  Files         143      143              
  Lines        8658     8659       +1     
==========================================
  Hits         2649     2649              
- Misses       5710     5711       +1     
  Partials      299      299              
Impacted Files Coverage Δ
cmd/cosign/cli/download.go 0.00% <0.00%> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 70a3d8c...38ef2b6. Read the comment docs.

@dlorenc dlorenc merged commit 3af58ac into sigstore:main Apr 15, 2022
@github-actions github-actions bot added this to the v1.8.0 milestone Apr 15, 2022
mlieberman85 pushed a commit to mlieberman85/cosign that referenced this pull request May 6, 2022
Signed-off-by: hectorj2f <hectorf@vmware.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants