mirror of
https://github.com/anchore/grype
synced 2024-11-10 06:34:13 +00:00
523f5ce9c0
* add key flag to attest validation Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * mvp: verify sig and extract sbom Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * wip read attestation without scheme Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * mvp consuming attestations - needs unit tests Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * remove prototype file Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * drop local syft from go.mod Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * fix order of sbom parsing strategies Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * handle implicit attestation input Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * wip Signed-off-by: Jonas Galvão Xavier <jonas.agx@gmail.com> * add test for invalid attestation key Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * rebase and go-mod-tidy Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * consume attestation via stdin Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * attestation test for stdin Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * validate input and content for attestation Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * add stdin test Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * fix config tags Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * add int test to ignore attestation validation Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * fix cycloneDX attestation fixture Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * add tampered att test Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * add tampered predicate type test Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * improve docs/help on atttestation Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * feedback changes Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * upgrade to latest syft Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * fall through when guessing between sbom and att Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * go mod tidy Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * fix butter finger rebase Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * drop default key value Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * assert error messages Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * better test/cli coverage Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * fix stdin decode test Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * fix goimports Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * tui - verified attestation and feedback changes Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * better naming Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * add attestation section to config file Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * emit event for skipped verification Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * use public key name Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * feedback changes Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com> * nit Signed-off-by: Jonas Galvão Xavier <jonasx@anchore.com>
3 lines
67 B
YAML
3 lines
67 B
YAML
check-for-app-update: false
|
|
attestation:
|
|
skip-verification: true
|