Add `--new-bundle-format` flag to `cosign attest-blob` (!5) · Merge requests · GitLab components / SLSA

What does this MR do and why?

As documented in Add `--new-bundle-format` flag to `cosign attes... (gitlab-com/content-sites/handbook!12472 - merged), Cosign supports a new bundle format, but it isn't the default yet (although it will be the default in an upcoming release). This updates the component to call cosign attest-blob with --new-bundle-format.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Before	After

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

Add --new-bundle-format flag to cosign attest-blob

What does this MR do and why?

MR acceptance checklist

Screenshots or screen recordings

How to set up and validate locally

Merge request reports

Add `--new-bundle-format` flag to `cosign attest-blob`