-
Notifications
You must be signed in to change notification settings - Fork 545
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cosign download sbom fails when the remote image is absent #2603
Comments
I can try to take this one if it is still available. |
cc @znewman01 sorry for bothering you, just wanted to know if this one is still available and useful, i can try to do it. |
Go for it! Thanks 😄 |
Thanks! |
I think this is not more reproducible since #1905 does not allow the signing of not existing images. This an image I built locally and not yet pushed to the registry:
|
You don't need to fix #1905 to repro this:
|
@znewman01 @paolomainardi I have created a PR that will close this |
Description
This is related to #1905
Currently, when trying to download a sbom attached to an image via a digest, it fails trying to look up for the original image.
Error;
Ideally, this command shouldn't go look up to see if the image really exists.
What I am trying to do;
1 - build an image locally
2 - get its digest
3 - call
cosign sign repo@digest
and sign the image at remote4 - call
cosign attach sbom repo@digest --sbom <path>
5 - call
cosign download sbom repo@digest
(for verifying purposes)6 - push the image
Version
The text was updated successfully, but these errors were encountered: