Skip to content

Draft: Rename SBOMs as per the image and attest it using cosign in a new job

Pratik Singhrequested to merge
attach-sboms-to-images-and-attest into master

What does this MR do?

Adding a job to attest SBOM for each image with a relevant name

Rename SBOMs as per the image and attest it using cosign in a new job

Signed-off-by: psingh29 psingh@gitlab.com

Related issues

Checklist

See Definition of done.

For anything in this list which will not be completed, please provide a reason in the MR discussion

Required

  • Merge Request Title, and Description are up to date, accurate, and descriptive
  • MR targeting the appropriate branch
  • MR has a green pipeline on GitLab.com
  • When ready for review, MR is labeled "~workflow::ready for review" per the Distribution MR workflow

Expected (please provide an explanation if not completing)

  • Test plan indicating conditions for success has been posted and passes
  • Documentation created/updated
  • Integration tests added to GitLab QA
  • The impact any change in container size has should be evaluated
  • New dependencies are managed with GitLab forked renovatebot

Merge request reports