Adam Hughes
Adam Hughes
It would be nice if we could leverage hardware authentication devices for `sign`/`verify`. For example, YubiKey or that sort of thing.
Add support for `syft attest` with Singularity images. Re-factor the attestation code to separate the steps to generate and publish the signed attestation. To test, I'm generating a test image...
**What would you like to be added**: Support for the `singularity` image source in the `syft attest` command. **Why is this needed**: [Singularity](https://github.com/sylabs/singularity) users are able to generate an SBOM...
**What would you like to be added**: Support for cataloging encrypted SIF images with Syft. **Why is this needed**: Singularity supports encryption of the root filesystem within a SIF image...
**What happened**: When a [SIF container image](https://github.com/sylabs/sif) is specified without the explicit `singularity` image source, no packages are discovered, and no error is returned: ``` $ syft packages alpine.sif ✔...
**Description** I'd like to obtain the hash algorithm used by a [signature.Signer](https://pkg.go.dev/github.com/sigstore/sigstore/pkg/signature#Signer). I have a use case where the caller passes me a `signature.Signer` and I need to generate a...
We need to discuss what should happen when a self-signed certificate is passed to `singularity verify`. As discussed in https://github.com/sylabs/singularity/pull/1160#discussion_r1040149657, my gut instinct is that Singularity should either: - Not...
When `singularity verify` is called on an image with a single signature, the expected behaviour is straightforward. If the signature can be verified, all is well, and otherwise there is...
As mentioned by @fnikolai in https://github.com/sylabs/singularity/issues/1095#issuecomment-1322439035, it might be useful to organize the increasing number of flags in `singularity sign` and `singularity verify`: > Perhaps something along these lines? >...
Thanks for the great Go module! I've run into a memory issue detected by `checkptr`. I don't have a small code snippet handy to reproduce... but the relevant output I'm...