Skip to content

Releases: actions/attest-sbom

v1.3.2

17 Jun 17:36
@bdehamer bdehamer
v1.3.2
3d6693d
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.3.2 Latest
Marketplace
Latest
Marketplace

What's Changed

  • Bump actions/attest from 1.3.1 to 1.3.2 by @bdehamer in #75
    • Increase timeout for OCI operations

Full Changelog: v1.3.1...v1.3.2

Contributors

bdehamer
Assets 2
Loading

v1.3.1

13 Jun 21:59
@bdehamer bdehamer
v1.3.1
91d05ef
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.3.1
Marketplace
Marketplace

What's Changed

  • Bump actions/attest from 1.3.0 to 1.3.1 by @bdehamer in #72
    • Bugfix when detecting support for the referrers API with OCI registries

Full Changelog: v1.3.0...v1.3.1

Contributors

bdehamer
Assets 2
Loading

v1.3.0

13 Jun 14:27
@bdehamer bdehamer
v1.3.0
ab8de89
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.3.0
Marketplace
Marketplace

What's Changed

  • Bump actions/attest action to v1.3.0 by @bdehamer in #71
    • Dynamic construction of GitHub API URLs based on GITHUB_SERVER_URL
    • Improved handling of Rekor 409 responses
    • Bugfix - detection of registries with support for the OCI referrers API

Full Changelog: v1.2.0...v1.3.0

Contributors

bdehamer
Assets 2
Loading

v1.2.0

03 Jun 18:01
@bdehamer bdehamer
v1.2.0
49e7311
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.2.0
Marketplace
Marketplace

What's Changed

  • Bump actions/attest from 1.1.2 to 1.2.0 by @bdehamer in #67
    • Batch processing w/ exponential backoff
    • Enforce 16MB limit on predicate size
    • Bugfix when pushing attestation to OCI registry

Full Changelog: v1.1.2...v1.2.0

Contributors

bdehamer
Assets 2
Loading

v1.1.2

16 May 19:43
@bdehamer bdehamer
v1.1.2
aaa2d0a
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.1.2
Marketplace
Marketplace

What's Changed

  • Bump actions/attest from 1.1.1 to 1.1.2 by @bdehamer in #63
    • Downcase subject name for OCI images
    • Fix accept header when retrieving image manifest
    • Support variants of the Docker Hub registry name

Full Changelog: v1.1.1...v1.1.2

Contributors

bdehamer
Assets 2
Loading

v1.1.1

10 May 17:55
@bdehamer bdehamer
v1.1.1
c29e4e9
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.1.1
Marketplace
Marketplace

What's Changed

  • Bump actions/attest from v1.1.0 to v1.1.1 by @bdehamer in #61
    • Bump @sigstore/sign from 2.3.0 to 2.3.1
    • Bump @sigstore/oci from 0.3.0 to 0.3.2
    • Include more detail in error logging
    • Send API errors to GHA debug log
    • Fix bug preventing failed API requests from being retried

Full Changelog: v1.1.0...v1.1.1

Contributors

bdehamer
Assets 2
Loading

v1.1.0

06 May 19:25
@bdehamer bdehamer
v1.1.0
7d87da1
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.1.0
Marketplace
Marketplace

What's Changed

  • Bump actions/attest to v1.1.0 by @bdehamer in #58
    • adds list support for subjectPath input
    • limit attestation subject count
    • ensure subject globs match only files

Full Changelog: v1.0.0...v1.1.0

Contributors

bdehamer
Assets 2
Loading

v1.0.0

30 Apr 19:03
@bdehamer bdehamer
v1.0.0
c168f23
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.0.0
Marketplace
Marketplace

What's Changed

  • Remove embedded anchore/sbom-action by @bdehamer in #45
  • Update README.md to refer to attestations permission by @phillmv in #41
  • Update actions/attest to v1.0.0 by @bdehamer in #47

Full Changelog: v0.1.1...v1.0.0

Contributors

phillmv and bdehamer
Assets 2
Loading

v0.1.1

05 Mar 21:12
@bdehamer bdehamer
v0.1.1
d023f12
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.1.1 Pre-release
Pre-release

What's Changed

Full Changelog: v0.1.0...v0.1.1

Contributors

bdehamer
Assets 2
Loading

v0.1.0

05 Mar 19:10
@bdehamer bdehamer
v0.1.0
48e5743
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.1.0 Pre-release
Pre-release

What's Changed

  • Pre-release

New Contributors

Full Changelog: https://github.com/actions/attest-sbom/commits/v0.1.0

Contributors

bdehamer, dependabot, and ejahnGithub
Assets 2
Loading