NOTE: If you use Fulcio to issue certificates you will need to use this release.
What's Changed
- Bump github.com/hashicorp/go-secure-stdlib/parseutil from 0.1.3 to 0.1.4 by @dependabot in #1620
- Bump github.com/xanzy/go-gitlab from 0.62.0 to 0.63.0 by @dependabot in #1745
- Bump mikefarah/yq from 4.24.2 to 4.24.4 by @dependabot in #1746
- Move the KMS integration imports into the binary entrypoints by @mattmoor in #1744
- [Cosigned] Convert functions for webhookCIP from v1alpha1 by @DennyHoang in #1736
- Refactor policy related code, add support for vuln verify by @vaikas in #1747
- Use bundle log ID to find verification key by @haydentherapper in #1748
- [cosigned] The webhook name is now configurable via --webhook-name flag by @vpnachev in #1726
- Add intermediate CA certificate pool for Fulcio by @haydentherapper in #1749
- Bump github.com/spf13/viper from 1.10.1 to 1.11.0 by @dependabot in #1751
- test: create fake TUF test root and create test SETs for verification by @asraa in #1750
- update go builder and cosign images by @cpanato in #1755
- Bump sigstore/cosign-installer from 2.2.0 to 2.2.1 by @dependabot in #1752
- Implement identities, fix bug in webhook validation. by @vaikas in #1759
- Validate issuer/subject regexp in validate webhook. by @vaikas in #1761
- chore: add warning when attaching sBOMs by @hectorj2f in #1756
- Verify embedded SCTs by @haydentherapper in #1731
- chore: add warning when downloading a sBOM by @hectorj2f in #1763
- [policy-webhook] The webhooks name is now configurable via --(validating|mutating)-webhook-name flags by @vpnachev in #1757
- Bump mikefarah/yq from 4.24.4 to 4.24.5 by @dependabot in #1765
- Bump actions/checkout from 3.0.0 to 3.0.1 by @dependabot in #1764
- Break the CIP action tests into a sh script. by @vaikas in #1767
- tuf: add debug info if tuf update fails by @asraa in #1766
- cosigned: add support for rsa keys by @hectorj2f in #1768
- Cosigned validate against remote sig src by @DennyHoang in #1754
- Add Fulcio intermediate CA certificate to intermediate pool by @haydentherapper in #1774
- Bump codecov/codecov-action from 3.0.0 to 3.1.0 by @dependabot in #1784
- fix: more informative error by @ybelMekk in #1778
- Bump cuelang.org/go from 0.4.2 to 0.4.3 by @dependabot in #1779
- Bump google.golang.org/api from 0.74.0 to 0.75.0 by @dependabot in #1780
- Bump k8s.io/code-generator from 0.23.5 to 0.23.6 by @dependabot in #1781
- Bump github.com/mitchellh/mapstructure from 1.4.3 to 1.5.0 by @dependabot in #1782
- Bump actions/checkout from 3.0.1 to 3.0.2 by @dependabot in #1783
- Run update-codegen. by @wlynch in #1789
- Remove the dependency on v1alpha1.Identity which brings in unnecessary k8s deps. by @vaikas in #1790
- Refactor fulcio signer to take in KeyOpts. by @wlynch in #1788
- test: add cue unit tests by @hectorj2f in #1791
- Attestations + policy in cip. by @vaikas in #1772
- chore: add rego function to consume modules and evaluate them by @hectorj2f in #1787
- Add parallelization for processing policies / authorities. by @vaikas in #1795
- Allow passing keys via environment variables (env:// refs) by @znewman01 in #1794
- Handle context cancelled properly + tests. by @vaikas in #1796
- Fix a bug where an error would send duplicate results. by @vaikas in #1797
- Revert "Refactor fulcio signer to take in KeyOpts. (#1788)" by @wlynch in #1798
- Bump github.com/xanzy/go-gitlab from 0.63.0 to 0.64.0 by @dependabot in #1799
- Bump google.golang.org/grpc from 1.45.0 to 1.46.0 by @dependabot in #1800
- Bump google-github-actions/auth from 0.7.0 to 0.7.1 by @dependabot in #1801
- Bump github.com/hashicorp/go-retryablehttp from 0.7.0 to 0.7.1 by @dependabot in #1758
- cosigned: Unify cue data and policy before evaluating it by @hectorj2f in #1793
- Don't fail open in VerifyBundle by @mtrmac in #1648
- Load in intermediate cert pool from TUF by @haydentherapper in #1804
- add changelog for release v1.8.0 by @cpanato in #1803
- Support PKCS1 encoded and non-ECDSA CT log public keys by @haydentherapper in #1806
New Contributors
- @vpnachev made their first contribution in #1726
- @ybelMekk made their first contribution in #1778
- @wlynch made their first contribution in #1789
- @mtrmac made their first contribution in #1648
Full Changelog: v1.7.2...v1.8.0