Attach attestation to the supplied container image
cosign attach attestation [flags]
cosign attach attestation --attestation <attestation file path> <image uri>
# attach attestations from multiple files to a container image
cosign attach attestation --attestation <attestation file path> --attestation <attestation file path> <image uri>
# attach attestation from bundle files in form of JSONLines to a container image
# https://github.com/in-toto/attestation/blob/main/spec/v1.0-draft/bundle.md
cosign attach attestation --attestation <attestation bundle file path> <image uri>
--allow-http-registry whether to allow using HTTP protocol while connecting to registries. Don't use this for anything but testing
--allow-insecure-registry whether to allow insecure connections to registries (e.g., with expired or self-signed TLS certificates). Don't use this for anything but testing
--attachment-tag-prefix [AttachmentTagPrefix]sha256-[TargetImageDigest].[AttachmentName] optional custom prefix to use for attached image tags. Attachment images are tagged as: [AttachmentTagPrefix]sha256-[TargetImageDigest].[AttachmentName]
--attestation stringArray path to the attestation envelope
-h, --help help for attestation
--k8s-keychain whether to use the kubernetes keychain instead of the default keychain (supports workload identity).
--output-file string log output to a file
-t, --timeout duration timeout for commands (default 3m0s)
-d, --verbose log debug output
- cosign attach - Provides utilities for attaching artifacts to other artifacts in a registry