New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add malicious provenance test for OCI container images #108

Open

asraa opened this issue Sep 15, 2022 · 0 comments

Labels

Collaborator

asraa commented Sep 15, 2022

With attached provenance, testing CLI verification with a container with bad provenance attached is difficult. See #104 (comment)

We can manipulate the container with cosign/crane, but cannot do this in the shell script right now

asraa mentioned this issue

container: update container workflows for container slsa-verifier verification #104

Merged

ianlewis added the enhancement label

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment