1 Release published by 1 person

• v2.4.2

  published Feb 4, 2025

26 Pull requests merged by 8 people

• fix parsing error in --only for cosign copy

  #4049 merged Feb 6, 2025

• Fix codeowners syntax, add dep-maintainers

  #4046 merged Feb 4, 2025

• update v2.4.2 changelog

  #4045 merged Feb 4, 2025

• chore(deps): bump github.com/open-policy-agent/opa from 0.68.0 to 1.1.0

  #4036 merged Feb 4, 2025

• bump k8s versions we're testing against, scaffolding release

  #4044 merged Feb 4, 2025

• chore(deps): bump cuelang.org/go from 0.11.2 to 0.12.0

  #4035 merged Feb 4, 2025

• fix warning message from golangci-lint

  #4043 merged Feb 4, 2025

• chore(deps): move github.com/xanzy/go-gitlab to gitlab.com/gitlab-org/api/client-go

  #3987 merged Feb 4, 2025

• chore(deps): bump github.com/sigstore/sigstore-go from 0.6.3-0.20241213162223-378b249542ef to 0.7.0

  #4034 merged Feb 4, 2025

• chore(deps): bump the gomod group across 1 directory with 2 updates

  #4042 merged Feb 4, 2025

• chore(deps): bump google.golang.org/api from 0.218.0 to 0.219.0

  #4038 merged Feb 3, 2025

• chore(deps): bump sigs.k8s.io/release-utils from 0.9.0 to 0.11.0

  #4040 merged Feb 3, 2025

• chore(deps): bump google-github-actions/auth from 2.1.7 to 2.1.8 in the actions group

  #4041 merged Feb 3, 2025

• chore(deps): bump github.com/spiffe/go-spiffe/v2 from 2.4.0 to 2.5.0

  #4039 merged Feb 3, 2025

• chore(deps): bump github.com/sigstore/protobuf-specs from 0.3.3 to 0.4.0

  #4037 merged Feb 3, 2025

• chore(deps): bump github.com/buildkite/agent/v3 from 3.89.0 to 3.91.0

  #4029 merged Jan 31, 2025

• chore(deps): bump the gomod group across 1 directory with 14 updates

  #4021 merged Jan 31, 2025

• chore(deps): bump the actions group across 1 directory with 6 updates

  #4022 merged Jan 31, 2025

• Add conformance test commands to Makefile

  #4023 merged Jan 30, 2025

• Add UseSignedTimestamps to CheckOpts, refactor TSA options

  #4006 merged Jan 13, 2025

• Bump conformance to latest version

  #4011 merged Jan 13, 2025

• fix: set tls config while retaining other fields from default http transport

  #4007 merged Jan 13, 2025

• Clean up

  #4004 merged Jan 10, 2025

• Add more complex TUF tests

  #4003 merged Jan 9, 2025

• chore(deps): bump github.com/buildkite/agent/v3 from 3.88.0 to 3.89.0

  #3998 merged Jan 8, 2025

• Add support for verifying root checksum in cosign initialize

  #3953 merged Jan 7, 2025

7 Pull requests opened by 6 people

• Refactor verifyNewBundle into library function

  #4013 opened Jan 14, 2025

• Enable signing and verifying image without registry access

  #4014 opened Jan 16, 2025

• add `sha256:...` as alternative way to specify a blob

  #4016 opened Jan 17, 2025

• Feat/file flag completion improvements

  #4028 opened Jan 30, 2025

• Add support for attesting with complete statement

  #4032 opened Feb 3, 2025

• Enable fetching signatures without remote get.

  #4047 opened Feb 5, 2025

• Add support for passing different SignerVerifier LoadOptions

  #4050 opened Feb 6, 2025

6 Issues closed by 3 people

• Cosign copy command requires "--only" since 2.4.2

  #4048 closed Feb 6, 2025

• Kanidm as provider?

  #4012 closed Jan 21, 2025

• Conformance Tests Failed

  #4002 closed Jan 13, 2025

• cosign sign `--allow-insecure-registry` does not behave as expected over http/https proxy

  #3269 closed Jan 13, 2025

• Clean up old images that is not in used

  #3984 closed Jan 9, 2025

• Allow providing root.json checksum instead of a full root.json file for cosign initialize

  #3946 closed Jan 7, 2025

5 Issues opened by 5 people

• tuf: failed to download 8.root.json

  #4026 opened Jan 29, 2025

• Error in offline validation when using additional annotations

  #4024 opened Jan 29, 2025

• error during command execution: signing ***: reading key: invalid pem block

  #4020 opened Jan 24, 2025

• Support signing 'raw' in-toto statements

  #4019 opened Jan 21, 2025

• Private PKI cli constraint options

  #4005 opened Jan 8, 2025

7 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• Add support for new bundle specification for attesting/verifying OCI image attestations

  #3889 commented on Jan 24, 2025 • 2 new comments

• Allow signing local image without registry access

  #3832 commented on Jan 16, 2025 • 0 new comments

• Cosign doesn't accept Digicert's TSA certificate when verifying a signature

  #3632 commented on Jan 29, 2025 • 0 new comments

• attest: if there is no attestation `--replace` causes empty manifest layer

  #2082 commented on Feb 4, 2025 • 0 new comments

• Add support for ED25519ph for sign/verify(-blob) commands

  #3479 commented on Feb 6, 2025 • 0 new comments

• Upgrade to TUF v2 client

  #3844 commented on Jan 28, 2025 • 0 new comments

• remove previously deprecated attach/download sbom commands

  #3891 commented on Jan 20, 2025 • 0 new comments