github sigstore/cosign v1.3.1

2 years ago

Breaking Changes

  • [cosign/pkg]: cosign.Verify has been removed in favor of explicit cosign.VerifyImageSignatures and cosign.VerifyImageAttestations (#1026)

Enhancements

  • Add ability for verify-blob to find signing cert in transparency log (#991)
  • root policy: add optional issuer to maintainer keys (#999)
  • PKCS11 signing support (#985)
  • Included timeout option for uploading to Rekor (#1001)

Bug Fixes

  • Bump sigstore/sigstore to pick up a fix for Azure KMS (#1011 / #1028)

Contributors

Changelog

645ebf0 add change to 1.3.1 changelog (#1036)
5a33731 remove Verify in favor of explicit VerifyImage{Signatures, Attestations} (#1026)
5d866c3 fix help msg upload=>no-upload (#1033)
076e179 add changelog for v1.3.1 (#1032)
c2c3a1d fix variable (#1031)
ff2104c ci: update oidc ci tests (#1029)
ce7cf28 update sigstore/sigstore to v1.0.1 (#1028)
0c771f8 Bump the thales pkcs11 library to v1.2.5 (#1009)
cb41bd4 make the purpose of secrets checked into .github/workflows explicit (#1025)
5a350e4 fix(doc): add an example for existing option on verify-blob command (#1024)
c0744b3 Add the missing GIT_HASH env var in the post-submit github-oidc.yaml action. (#1022)
88313ee Remove fuzzing check - unsupported go-fuzz (#1020)
d442592 Included timeout option for uploading to Rekor (#1001)
d3440b5 remove not needed dockerfiles (#1017)
82c9cee refactor release process to use ko to build the images (#1008)
55471fc Add an initial comparison document between nv2 and cosign. (#1014)
bb05c81 Bump sigstore/sigstore to pickup a fix for azure kms. (#1011)
db34c33 refactor version and add version command to sget (#1010)
391bac3 Bump k8s.io/apimachinery and opa. (#1004)
7066f12 PKCS11 signing support (#985)
9b9cd94 add optional issuer to root policy (#999)
5deaca0 Add ability for verify-blob to find signing cert in transparency log (#991)
6573dcd update automation to use 1.3.0 release (#997)
c6c032e update deps, go mod tidy (#994)

Thanks to all contributors!
