Skip to content

upgrade to v3 + add support for OCI 1.1 stored attestations #1892

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
falcorocks wants to merge 3 commits into from
Closed

upgrade to v3 + add support for OCI 1.1 stored attestations #1892

falcorocks wants to merge 3 commits into from

Conversation

@falcorocks
Copy link

@falcorocks falcorocks commented Oct 10, 2025
edited
Loading

Closes #1893

Summary

Release Note

Documentation

@falcorocks
feat: upgrade cosign from v2.5.0 to v3.0.1
8ec00ef 
- Update go.mod dependency from github.com/sigstore/cosign/v2 to v3
- Update all import statements across codebase to use cosign/v3
- Update dependencies via go mod tidy to resolve compatibility
- Remove kube-openapi replace directive that caused yaml.v3 conflicts
- Verified cosign v3 API compatibility with policy-controller
- All build targets including policy-tester now work correctly
@falcorocks
Replace cosign dependency with local fork for testing
c34d2b9 
Add replace directive to use local cosign fork at /Users/falco/code/cosign
This enables immediate testing of local cosign changes.
@falcorocks
Enable ExperimentalOCI11 flag and add local fork integration
2b58478 
- Add replace directive to use local cosign fork at /Users/falco/code/cosign
- Enable ExperimentalOCI11 flag in CheckOpts to activate OCI 1.1 attestation verification
- Remove excessive logging for clean, production-ready output
- Verified: OCI 1.1 attestation verification works successfully with clean output!

This allows testing of the experimental OCI 1.1 attestation verification feature
which uses the OCI 1.1 Referrers API instead of legacy .att tag discovery.
@falcorocks falcorocks mentioned this pull request Oct 13, 2025
Open
@falcorocks falcorocks closed this Oct 13, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

upgrade cosign dependency to v3

1 participant

@falcorocks