cosign
aqua > v1.26.0
Please see Cosign and SLSA Provenance Support too.
Fields
- opts ([]string): cosign verify-blob options
- signature
- type (string):
github_releaseorhttp - repo_owner (string) (optional):
- repo_name (string) (optional):
- url (string) (
httprequires): - asset (string) (
github_releaserequires):
- type (string):
- key
- same as
signature
- same as
- certificate
- same as
signature
- same as
- bundle (
aqua >= v2.47.0)- same as
signature
- same as
e.g.
cosign:
opts:
- --signature
- https://github.com/terraform-linters/tflint/releases/download/{{.Version}}/checksums.txt.keyless.sig
- --certificate
- https://github.com/terraform-linters/tflint/releases/download/{{.Version}}/checksums.txt.pem
cosign:
signature:
type: github_release
asset: checksums.txt.keyless.sig
certificate:
type: github_release
asset: checksums.txt.pem