Releases · docker/attest

This repository was archived by the owner on Dec 3, 2024. It is now read-only.

09 Sep 17:10

github-actions

v0.5.1

206b33c

v0.5.1

Changes

🐛 Bug Fixes

fix: expose version and user agent to consumers @kipz (#158)

Contributors

kipz

Assets 2

09 Sep 16:38

github-actions

v0.5.0

b4e6767

v0.5.0

Changes

🚀 Features

feature!: support for setting HTTP User-Agent header @kipz (#157)

💥 Breaking Changes

feature!: support for setting HTTP User-Agent header @kipz (#157)

Contributors

kipz

Assets 2

05 Sep 14:08

github-actions

v0.4.4

ed0ae8e

v0.4.4

Changes

🐛 Bug Fixes

fix: verify mapped image name against subjects @kipz (#156)

Contributors

kipz

Assets 2

04 Sep 21:49

github-actions

v0.4.3

a363be7

v0.4.3

Changes

💥 Breaking Changes

refactor! remove pkg directory @kipz (#145)
Verify input image/platform against attestation subjects before passing to rego @kipz (#148)

🚀 Features

feat(deps): bump google.golang.org/api from 0.195.0 to 0.196.0 @dependabot (#150)
feat(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.8.8 to 1.8.9 @dependabot (#151)
feat(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.27.31 to 1.27.33 @dependabot (#155)
feat(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.8.8 to 1.8.9 @dependabot (#149)
feat(deps): bump github.com/open-policy-agent/opa from 0.67.1 to 0.68.0 @dependabot (#143)
feat: add slsa v1 predicate type @mrjoelkamp (#154)
feat: validate mapping files on load @kipz (#147)

🐛 Bug Fixes

fix: escape ! remove .* (global match) @kipz (#146)

🧰 Maintenance

chore(deps): bump actions/create-github-app-token from 1.10.3 to 1.10.4 @dependabot (#153)

Contributors

kipz, mrjoelkamp, and dependabot

Assets 2

02 Sep 08:39

github-actions

v0.4.2

23849c1

v0.4.2

Changes

refactor! don't use ctx for policy evaluator @kipz (#140)

🚀 Features

feat(deps): bump google.golang.org/api from 0.194.0 to 0.195.0 @dependabot (#139)
feat: add policy resolver tests @mrjoelkamp (#138)

🐛 Bug Fixes

fix: use canonical names inside TUF fetcher @kipz (#144)
fix: tuf oci image parsing @kipz (#142)

🧰 Maintenance

feat: add policy resolver tests @mrjoelkamp (#138)

Contributors

kipz, mrjoelkamp, and dependabot

Assets 2

28 Aug 10:59

github-actions

v0.4.0

6f94d59

v0.4.0

Changes

Breaking

Mock TUF client removed
add policy.Resolver

🚀 Features

add stateful 'Verifier' to aid TUF client reuse
refactor!: add policy.Resolver struct to reduce parameters @jonnystoten (#130)
feat(deps): bump github.com/testcontainers/testcontainers-go/modules/registry from 0.32.0 to 0.33.0 @dependabot (#127)
feat(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.27.28 to 1.27.31 @dependabot (#134)
feat(deps): bump google.golang.org/api from 0.192.0 to 0.194.0 @dependabot (#131)
feat(deps): bump github.com/Masterminds/semver/v3 from 3.2.1 to 3.3.0 @dependabot (#136)
feat!: remove MockTUFClient @kipz (#135)

🐛 Bug Fixes

fix: use a client pointing at Docker's TUF by default @jonnystoten (#104)

🧰 Maintenance

feat(deps): bump github.com/testcontainers/testcontainers-go/modules/registry from 0.32.0 to 0.33.0 @dependabot (#127)

Contributors

jonnystoten, kipz, and dependabot

Assets 2

27 Aug 09:57

github-actions

v0.3.2

aed959f

v0.3.2 Pre-release

Pre-release

Changes

Breaking

feat: remove isCanonical from rego inputs

🚀 Features

feat: add purl details to policy inputs @kipz (#129)
feat(deps): bump github.com/docker/docker from 27.1.0+incompatible to 27.1.1+incompatible in the go_modules group @dependabot (#126)
feat(deps): bump google.golang.org/api from 0.191.0 to 0.192.0 @dependabot (#123)
feat(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.27.27 to 1.27.28 @dependabot (#125)

🐛 Bug Fixes

fix: use a client pointing at Docker's TUF by default @jonnystoten (#104)

🧰 Maintenance

feat: add purl details to policy inputs @kipz (#129)

Contributors

jonnystoten, kipz, and dependabot

Assets 2

14 Aug 21:51

github-actions

v0.3.1

a4a0bf3

v0.3.1

Changes

🚀 Features

feat: add digest and downloadLocation to VSA policy @mrjoelkamp (#124)
feat: mirror empty config image @mrjoelkamp (#122)

Contributors

mrjoelkamp

Assets 2

08 Aug 20:31

github-actions

v0.3.0

d97d20e

v0.3.0

Changes

🚀 Features

feat!: push attestation artifacts by digest @mrjoelkamp (#120)

🧰 Maintenance

feat(deps): bump google.golang.org/api from 0.190.0 to 0.191.0 @dependabot (#121)
feat(deps): bump github.com/sigstore/cosign/v2 from 2.3.0 to 2.4.0 @dependabot (#119)
feat(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.8.7 to 1.8.8 @dependabot (#118)
feat(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.8.7 to 1.8.8 @dependabot (#117)

Contributors

mrjoelkamp and dependabot

Assets 2

06 Aug 15:44

github-actions

v0.2.1

8767951

v0.2.1

Changes

🚀 Features

feat(deps): bump google.golang.org/api from 0.189.0 to 0.190.0 @dependabot (#114)
feat(deps): bump github.com/open-policy-agent/opa from 0.67.0 to 0.67.1 @dependabot (#116)

🐛 Bug Fixes

fix: let OCI layouts use referrers attestations @mrjoelkamp (#113)

🧰 Maintenance

chore: disable codecov patch status @mrjoelkamp (#115)

Contributors

mrjoelkamp and dependabot

Assets 2

Releases: docker/attest

v0.5.1

Changes

🐛 Bug Fixes

Contributors

Uh oh!

v0.5.0

Changes

🚀 Features

💥 Breaking Changes

Contributors

Uh oh!

v0.4.4

Changes

🐛 Bug Fixes

Contributors

Uh oh!

v0.4.3

Changes

💥 Breaking Changes

🚀 Features

🐛 Bug Fixes

🧰 Maintenance

Contributors

Uh oh!

v0.4.2

Changes

🚀 Features

🐛 Bug Fixes

🧰 Maintenance

Contributors

Uh oh!

v0.4.0

Changes

🚀 Features

🐛 Bug Fixes

🧰 Maintenance

Contributors

Uh oh!

v0.3.2

Changes

Breaking

🚀 Features

🐛 Bug Fixes

🧰 Maintenance

Contributors

Uh oh!

v0.3.1

Changes

🚀 Features

Contributors

Uh oh!

v0.3.0

Changes

🚀 Features

🧰 Maintenance

Contributors

Uh oh!

v0.2.1

Changes

🚀 Features

🐛 Bug Fixes

🧰 Maintenance

Contributors

Uh oh!