Changelog
- b7e095e fix(release): fix goreleaesr
- 8375785 fix: goreleaser sign blob fix
- eebd815 fix(release): fix release; fix HIGH vulns (#532)
- 833dc21 fix(release): another attempt to fix the release step (#531)
- 4e7fff1 re-added equals sign (#530)
- 5739b71 Sc/try cosign change (#529)
- be6d45a Accept signature for cosign (#525)
You can verify the signatures of both the checksums.txt file and the published docker images using cosign.
cosign 1.x
cosign verify-blob checksums.txt --signature=checksums.txt.sig --key https://artifacts.fairwinds.com/cosign.pub
cosign 2.x
cosign verify-blob checksums.txt --signature=checksums.txt.sig --key https://artifacts.fairwinds.com/cosign.pub --insecure-ignore-tlog
cosign verify us-docker.pkg.dev/fairwinds-ops/oss/pluto:v5 --key https://artifacts.fairwinds.com/cosign.pub