Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tree command to display all the supply chain security artifacts #1569

Closed
developer-guy opened this issue Mar 9, 2022 · 1 comment · Fixed by #1603
Closed

tree command to display all the supply chain security artifacts #1569

developer-guy opened this issue Mar 9, 2022 · 1 comment · Fixed by #1603
Assignees
@developer-guy
Labels
enhancement New feature or request

Comments

@developer-guy
Copy link
Member

Description

It'd be nice to have a tree command to display all the supply chain security artifacts such as SBOM, Attestation, Signature, etc. All of these are stored in an OCI registry along with the image itself with separated tags for SBOM .sbom, for Attestation .att, for Signature .sig, so, we'll be adding a tree command to view all of them in a nice formatted way like the following:

$ cosign tree <img> # if the user supplies a tag we'll be visualizing the data only for the tag, if not, we'll be summarizing all of the tags that the image has.

devopps/hello-world:latest
--> sha256:9fc31a8935dfdac754401cac99a6812a932fac70a49c003baecc2c2be0ba4454
    --> sha256-9fc31a8935dfdac754401cac99a6812a932fac70a49c003baecc2c2be0ba4454.sig
    --> sha256-9fc31a8935dfdac754401cac99a6812a932fac70a49c003baecc2c2be0ba4454.att
	--> sha256-9fc31a8935dfdac754401cac99a6812a932fac70a49c003baecc2c2be0ba4454.sbom

devopps/hello-world:v1
--> sha256:3267cad69a9cfc40c239f12c2589740642323772a445c837838a7f4d2507e605.
    --> sha256-3267cad69a9cfc40c239f12c2589740642323772a445c837838a7f4d2507e605.sig
    --> sha256-3267cad69a9cfc40c239f12c2589740642323772a445c837838a7f4d2507e605.att
	--> sha256-3267cad69a9cfc40c239f12c2589740642323772a445c837838a7f4d2507e605.sbom
@developer-guy developer-guy added the enhancement New feature or request label Mar 9, 2022
@dlorenc
Copy link
Member

dlorenc commented Mar 9, 2022

Sure, this could either go under the triangulate command or as it's own!

@Dentrax Dentrax mentioned this issue Mar 11, 2022
Open
developer-guy added a commit to developer-guy/cosign that referenced this issue Mar 14, 2022
@developer-guy
feat: tree command utility
68ed003 
Fixes sigstore#1569

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
@developer-guy developer-guy mentioned this issue Mar 14, 2022
Merged
@developer-guy developer-guy self-assigned this Mar 14, 2022
developer-guy added a commit to developer-guy/cosign that referenced this issue Mar 14, 2022
@developer-guy
feat: tree command utility
ce21081 
Fixes sigstore#1569

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
developer-guy added a commit to developer-guy/cosign that referenced this issue Mar 14, 2022
@developer-guy
feat: tree command utility
e2488bf 
Fixes sigstore#1569

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
developer-guy added a commit to developer-guy/cosign that referenced this issue Mar 15, 2022
@developer-guy
feat: tree command utility
6504a04 
Fixes sigstore#1569

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
developer-guy added a commit to developer-guy/cosign that referenced this issue Mar 15, 2022
@developer-guy @hectorj2f
feat: tree command utility
23da12a 
Fixes sigstore#1569

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Hector Fernandez <hectorj@gmail.com>
developer-guy added a commit to developer-guy/cosign that referenced this issue Mar 17, 2022
@developer-guy @hectorj2f
feat: tree command utility
bf7e702 
Fixes sigstore#1569

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Hector Fernandez <hectorj@gmail.com>
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
developer-guy added a commit to developer-guy/cosign that referenced this issue Mar 17, 2022
@developer-guy @hectorj2f
feat: tree command utility
76fdad9 
Fixes sigstore#1569

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Hector Fernandez <hectorj@gmail.com>
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
developer-guy added a commit to developer-guy/cosign that referenced this issue Mar 17, 2022
@developer-guy @hectorj2f
feat: tree command utility
eb29eaf 
Fixes sigstore#1569

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Hector Fernandez <hectorj@gmail.com>
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
dlorenc pushed a commit that referenced this issue Mar 22, 2022
@developer-guy @hectorj2f
feat: tree command utility (#1603)
be77bb0 
Fixes #1569

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Hector Fernandez <hectorj@gmail.com>
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>

Co-authored-by: Hector Fernandez <hectorj@gmail.com>
mlieberman85 pushed a commit to mlieberman85/cosign that referenced this issue May 6, 2022
@developer-guy @hectorj2f @mlieberman85
feat: tree command utility (sigstore#1603)
99b935a 
Fixes sigstore#1569

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Hector Fernandez <hectorj@gmail.com>
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>

Co-authored-by: Hector Fernandez <hectorj@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@developer-guy developer-guy

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: tree command utility developer-guy/cosign
2 participants
@dlorenc @developer-guy