Batuhan Apaydın
Batuhan Apaydın
kinly ping @AkihiroSuda @Dentrax
it will be because they use Syft too under the hood
There are two ways of developing this feature. The first is executing the Syft binary as we did while implementing the signing feature by performing the cosign binary. The latter...
Kindly ping @AkihiroSuda
Syft is also capable of attaching an SBOM result[^1] in the form of in-toto attestations[^2] with its new command called `attest`[^3], and this command also signs the SBOM result and...
kindly ping sir @AkihiroSuda
> Please remove this > > https://github.com/containerd/nerdctl/blob/e7858835cb43a54aae10500e99a120db11180701/Dockerfile#L243 thank you for bringing it to my attention, I've removed this line. ✌️
> > cosign-linux-amd64 81.4 MB > > Why is this binary so large? [sigstore/cosign@`v1.4.1` (release)](https://github.com/sigstore/cosign/releases/tag/v1.4.1) idk actually :(
kindly ping @AkihiroSuda 🙋🏻♂️
kindly ping @AkihiroSuda 🙋🏻♂️