Skip to content

v0.6.2
Compare
Choose a tag to compare
@github-actions github-actions released this 30 Jan 10:11
· 1239 commits to main since this release
v0.6.2
a72be97
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

What's Changed

  • Add TrustRoot crd. by @vaikas in #291
  • keep the matrix jobs running if one fail by @cpanato in #441
  • Plumb TrustRoot CRD through to CIP CRDs. Make TrustRoot available to webhook, clean up and refactor checkOpts logic. by @vaikas in #436
  • update scaffolding releases to v0.5.4 by @vaikas in #443
  • e2e test for bring your own keys with trustroot. by @vaikas in #444
  • expose webhook validator getters by @joshrwolf in #449
  • Generate slsa provenance by @hectorj2f in #447
  • policy-tester: use UnmarshalStrict by @hectorj2f in #453
  • Add support for policy.configMapRef in attestation / cip.spec by @vaikas in #457
  • Add support for bring your own serialized tuf repository. by @vaikas in #452
  • If TLog.url is specified, use it if trustroot does not have one + test. by @vaikas in #461
  • Fix: Fix private multi-arch fetchConfigFile by @mattmoor in #462
  • Add support for TUF remote. by @vaikas in #463
  • bring in latest cosign changes + udpate interfaces. by @vaikas in #467
  • fix: wrong api field ref in error msg by @hectorj2f in #470
  • chore: Relax certificate authority validation in trustRoots by @hectorj2f in #471
  • chore: add TSA cert chain validation by @hectorj2f in #472
  • fix: script field identation by @hectorj2f in #476
  • feature: add TSA support when verifying authorities by @hectorj2f in #468
  • Fix: Use the apiVersion when matching resources. by @mattmoor in #482
  • Feature: Create an interface for downstream CIP integrations. by @mattmoor in #480
  • user sigstore cosign-installer by @hectorj2f in #485
  • cleanup: switch to using cosign v2.0.0-rc.0 by @k4leung4 in #484
  • Allow fully specified URLs in predicateTypes. by @vaikas in #491
  • cleanup: update sigstore/cosign dep by @k4leung4 in #493
  • Require issuer/subject or issuerRegExp/subjectRegExp by @vaikas in #495
  • cleanup: bump cosign to latest by @k4leung4 in #501
  • Fix keyless behauvior when ctlog is absent by @hectorj2f in #508
  • test: change error message for empty keyless/key by @hectorj2f in #509
  • Add InsecureIgnoreSCT field to the keyless authorities by @hectorj2f in #511
  • Add a policy example for GCP KMS by @mathieu-benoit in #520
  • Improve kms key validations and error messages for awskms by @hectorj2f in #524
  • chore(deps): Bump github/codeql-action from 2.1.39 to 2.2.0 by @dependabot in #527
  • Bump cosign to v2.0.0.rc.1 by @hectorj2f in #530
  • Add support for Policy URLs by @hectorj2f in #518
  • only sub&rbac. by @vaikas in #534
  • Bump cosign e2e tests to rc2.0.0.rc.1 by @hectorj2f in #536
  • cleanup: update repo to use cosign v2.0.0-rc.1 by @k4leung4 in #535
  • remove COSIGN_EXPERIMENTAL evn var by @hectorj2f in #537
  • bump timeout for goreleaser to 60 minutes. by @vaikas in #539
  • set yes confirmation flag and bump timeout by @cpanato in #540

New Contributors

Full Changelog: v0.5.2...v0.6.2

Contributors

mattmoor, hectorj2f, and 6 other contributors
Assets 31