You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm getting what looks to be invalid json output from cosign when following the notice from the v0.1.3 run? This might be a cosign (v1.6.0) bug, I haven't looked into it further.
$ COSIGN_EXPERIMENTAL=1 cosign verify-attestation ghcr.io/marcofranssen/slsa-workflow-examples-docker@sha256:04b0426d40c824929fd5a75821f39f349db5ffa2eb07df22a55f736d7f40232c | jq
Verification for ghcr.io/marcofranssen/slsa-workflow-examples-docker@sha256:04b0426d40c824929fd5a75821f39f349db5ffa2eb07df22a55f736d7f40232c --
The following checks were performed on each of these signatures:
- The cosign claims were validated
- Existence of the claims in the transparency log was verified offline
- Any certificates were verified against the Fulcio roots.
parse error: Invalid numeric literal at line 1, column 12
Ah yeah, cosign outputs these two lines before the json content on stdout. Presumably it didn't in an earlier version?
I'm getting what looks to be invalid json output from cosign when following the notice from the v0.1.3 run? This might be a cosign (v1.6.0) bug, I haven't looked into it further.
Ah yeah, cosign outputs these two lines before the json content on stdout. Presumably it didn't in an earlier version?
I don't know whether you call that a cosign bug or a verification script bug :)
The text was updated successfully, but these errors were encountered: