diff --git a/api/kyverno/v1/image_verification_types.go b/api/kyverno/v1/image_verification_types.go
index 7f30312881..dbfd9a8f75 100644
--- a/api/kyverno/v1/image_verification_types.go
+++ b/api/kyverno/v1/image_verification_types.go
@@ -188,7 +188,7 @@ type StaticKeyAttestor struct {
Secret *SecretReference `json:"secret,omitempty" yaml:"secret,omitempty"`
// Rekor provides configuration for the Rekor transparency log service. If the value is nil,
- // Rekor is not checked. If an empty object is provided the public instance of
+ // or an empty object is provided, the public instance of
// Rekor (https://rekor.sigstore.dev) is used.
// +kubebuilder:validation:Optional
Rekor *CTLog `json:"rekor,omitempty" yaml:"rekor,omitempty"`
@@ -248,6 +248,19 @@ type CTLog struct {
// +kubebuilder:validation:Required
// +kubebuilder:Default:=https://rekor.sigstore.dev
URL string `json:"url" yaml:"url"`
+
+ // RekorPubKey is an optional PEM encoded public key to use for a custom Rekor.
+ // If set, is used to validate signatures on log entries from Rekor.
+ // +kubebuilder:validation:Optional
+ RekorPubKey string `json:"pubkey,omitempty" yaml:"pubkey,omitempty"`
+
+ // IgnoreSCT requires that a certificate contain an embedded SCT during verification. An SCT is proof of inclusion in a certificate transparency log.
+ // +kubebuilder:validation:Optional
+ IgnoreSCT bool `json:"ignoreSCT,omitempty" yaml:"ignoreSCT,omitempty"`
+
+ // IgnoreTlog skip tlog verification
+ // +kubebuilder:validation:Optional
+ IgnoreTlog bool `json:"ignoreTlog,omitempty" yaml:"ignoreTlog,omitempty"`
}
// Attestation are checks for signed in-toto Statements that are used to verify the image.
diff --git a/charts/kyverno/templates/crds/crds.yaml b/charts/kyverno/templates/crds/crds.yaml
index 3a18bc01b0..a5aaf20f7a 100644
--- a/charts/kyverno/templates/crds/crds.yaml
+++ b/charts/kyverno/templates/crds/crds.yaml
@@ -6836,6 +6836,24 @@ spec:
the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion in
+ a certificate transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use
+ for a custom Rekor. If set, is
+ used to validate signatures on
+ log entries from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -6871,6 +6889,24 @@ spec:
Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion in
+ a certificate transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use
+ for a custom Rekor. If set, is
+ used to validate signatures on
+ log entries from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -6922,11 +6958,29 @@ spec:
rekor:
description: Rekor provides configuration
for the Rekor transparency log service.
- If the value is nil, Rekor is not
- checked. If an empty object is provided
- the public instance of Rekor (https://rekor.sigstore.dev)
+ If the value is nil, or an empty object
+ is provided, the public instance of
+ Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion in
+ a certificate transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use
+ for a custom Rekor. If set, is
+ used to validate signatures on
+ log entries from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -7188,6 +7242,26 @@ spec:
instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -7224,6 +7298,26 @@ spec:
Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -7279,11 +7373,30 @@ spec:
description: Rekor provides configuration
for the Rekor transparency log
service. If the value is nil,
- Rekor is not checked. If an empty
- object is provided the public
- instance of Rekor (https://rekor.sigstore.dev)
+ or an empty object is provided,
+ the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -7521,6 +7634,24 @@ spec:
instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires that
+ a certificate contain an embedded
+ SCT during verification. An SCT
+ is proof of inclusion in a certificate
+ transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use for
+ a custom Rekor. If set, is used
+ to validate signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address of
the transparency log. Defaults to
@@ -7555,6 +7686,24 @@ spec:
the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires that
+ a certificate contain an embedded
+ SCT during verification. An SCT
+ is proof of inclusion in a certificate
+ transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use for
+ a custom Rekor. If set, is used
+ to validate signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address of
the transparency log. Defaults to
@@ -7605,11 +7754,29 @@ spec:
rekor:
description: Rekor provides configuration
for the Rekor transparency log service.
- If the value is nil, Rekor is not checked.
- If an empty object is provided the public
- instance of Rekor (https://rekor.sigstore.dev)
- is used.
+ If the value is nil, or an empty object
+ is provided, the public instance of
+ Rekor (https://rekor.sigstore.dev) is
+ used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires that
+ a certificate contain an embedded
+ SCT during verification. An SCT
+ is proof of inclusion in a certificate
+ transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use for
+ a custom Rekor. If set, is used
+ to validate signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address of
the transparency log. Defaults to
@@ -10903,6 +11070,26 @@ spec:
instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -10939,6 +11126,26 @@ spec:
Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -10994,11 +11201,30 @@ spec:
description: Rekor provides configuration
for the Rekor transparency log
service. If the value is nil,
- Rekor is not checked. If an empty
- object is provided the public
- instance of Rekor (https://rekor.sigstore.dev)
+ or an empty object is provided,
+ the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -11270,6 +11496,27 @@ spec:
instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during
+ verification. An SCT is
+ proof of inclusion in
+ a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog
+ skip tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey
+ is an optional PEM encoded
+ public key to use for
+ a custom Rekor. If set,
+ is used to validate signatures
+ on log entries from Rekor.
+ type: string
url:
description: URL is the
address of the transparency
@@ -11308,6 +11555,27 @@ spec:
of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during
+ verification. An SCT is
+ proof of inclusion in
+ a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog
+ skip tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey
+ is an optional PEM encoded
+ public key to use for
+ a custom Rekor. If set,
+ is used to validate signatures
+ on log entries from Rekor.
+ type: string
url:
description: URL is the
address of the transparency
@@ -11368,12 +11636,33 @@ spec:
description: Rekor provides
configuration for the Rekor
transparency log service.
- If the value is nil, Rekor
- is not checked. If an empty
- object is provided the public
- instance of Rekor (https://rekor.sigstore.dev)
+ If the value is nil, or an
+ empty object is provided,
+ the public instance of Rekor
+ (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during
+ verification. An SCT is
+ proof of inclusion in
+ a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog
+ skip tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey
+ is an optional PEM encoded
+ public key to use for
+ a custom Rekor. If set,
+ is used to validate signatures
+ on log entries from Rekor.
+ type: string
url:
description: URL is the
address of the transparency
@@ -11621,6 +11910,26 @@ spec:
the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an
+ optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries from
+ Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -11656,6 +11965,26 @@ spec:
of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an
+ optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries from
+ Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -11709,11 +12038,31 @@ spec:
rekor:
description: Rekor provides configuration
for the Rekor transparency log service.
- If the value is nil, Rekor is not
- checked. If an empty object is provided
- the public instance of Rekor (https://rekor.sigstore.dev)
+ If the value is nil, or an empty
+ object is provided, the public instance
+ of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an
+ optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries from
+ Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -14734,6 +15083,24 @@ spec:
the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion in
+ a certificate transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use
+ for a custom Rekor. If set, is
+ used to validate signatures on
+ log entries from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -14769,6 +15136,24 @@ spec:
Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion in
+ a certificate transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use
+ for a custom Rekor. If set, is
+ used to validate signatures on
+ log entries from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -14820,11 +15205,29 @@ spec:
rekor:
description: Rekor provides configuration
for the Rekor transparency log service.
- If the value is nil, Rekor is not
- checked. If an empty object is provided
- the public instance of Rekor (https://rekor.sigstore.dev)
+ If the value is nil, or an empty object
+ is provided, the public instance of
+ Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion in
+ a certificate transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use
+ for a custom Rekor. If set, is
+ used to validate signatures on
+ log entries from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -15071,6 +15474,26 @@ spec:
instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -15107,6 +15530,26 @@ spec:
Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -15162,11 +15605,30 @@ spec:
description: Rekor provides configuration
for the Rekor transparency log
service. If the value is nil,
- Rekor is not checked. If an empty
- object is provided the public
- instance of Rekor (https://rekor.sigstore.dev)
+ or an empty object is provided,
+ the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -15404,6 +15866,24 @@ spec:
instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires that
+ a certificate contain an embedded
+ SCT during verification. An SCT
+ is proof of inclusion in a certificate
+ transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use for
+ a custom Rekor. If set, is used
+ to validate signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address of
the transparency log. Defaults to
@@ -15438,6 +15918,24 @@ spec:
the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires that
+ a certificate contain an embedded
+ SCT during verification. An SCT
+ is proof of inclusion in a certificate
+ transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use for
+ a custom Rekor. If set, is used
+ to validate signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address of
the transparency log. Defaults to
@@ -15488,11 +15986,29 @@ spec:
rekor:
description: Rekor provides configuration
for the Rekor transparency log service.
- If the value is nil, Rekor is not checked.
- If an empty object is provided the public
- instance of Rekor (https://rekor.sigstore.dev)
- is used.
+ If the value is nil, or an empty object
+ is provided, the public instance of
+ Rekor (https://rekor.sigstore.dev) is
+ used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires that
+ a certificate contain an embedded
+ SCT during verification. An SCT
+ is proof of inclusion in a certificate
+ transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use for
+ a custom Rekor. If set, is used
+ to validate signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address of
the transparency log. Defaults to
@@ -18761,6 +19277,26 @@ spec:
instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -18797,6 +19333,26 @@ spec:
Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -18852,11 +19408,30 @@ spec:
description: Rekor provides configuration
for the Rekor transparency log
service. If the value is nil,
- Rekor is not checked. If an empty
- object is provided the public
- instance of Rekor (https://rekor.sigstore.dev)
+ or an empty object is provided,
+ the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -19128,6 +19703,27 @@ spec:
instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during
+ verification. An SCT is
+ proof of inclusion in
+ a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog
+ skip tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey
+ is an optional PEM encoded
+ public key to use for
+ a custom Rekor. If set,
+ is used to validate signatures
+ on log entries from Rekor.
+ type: string
url:
description: URL is the
address of the transparency
@@ -19166,6 +19762,27 @@ spec:
of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during
+ verification. An SCT is
+ proof of inclusion in
+ a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog
+ skip tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey
+ is an optional PEM encoded
+ public key to use for
+ a custom Rekor. If set,
+ is used to validate signatures
+ on log entries from Rekor.
+ type: string
url:
description: URL is the
address of the transparency
@@ -19226,12 +19843,33 @@ spec:
description: Rekor provides
configuration for the Rekor
transparency log service.
- If the value is nil, Rekor
- is not checked. If an empty
- object is provided the public
- instance of Rekor (https://rekor.sigstore.dev)
+ If the value is nil, or an
+ empty object is provided,
+ the public instance of Rekor
+ (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during
+ verification. An SCT is
+ proof of inclusion in
+ a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog
+ skip tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey
+ is an optional PEM encoded
+ public key to use for
+ a custom Rekor. If set,
+ is used to validate signatures
+ on log entries from Rekor.
+ type: string
url:
description: URL is the
address of the transparency
@@ -19479,6 +20117,26 @@ spec:
the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an
+ optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries from
+ Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -19514,6 +20172,26 @@ spec:
of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an
+ optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries from
+ Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -19567,11 +20245,31 @@ spec:
rekor:
description: Rekor provides configuration
for the Rekor transparency log service.
- If the value is nil, Rekor is not
- checked. If an empty object is provided
- the public instance of Rekor (https://rekor.sigstore.dev)
+ If the value is nil, or an empty
+ object is provided, the public instance
+ of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an
+ optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries from
+ Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -22863,6 +23561,24 @@ spec:
the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion in
+ a certificate transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use
+ for a custom Rekor. If set, is
+ used to validate signatures on
+ log entries from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -22898,6 +23614,24 @@ spec:
Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion in
+ a certificate transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use
+ for a custom Rekor. If set, is
+ used to validate signatures on
+ log entries from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -22949,11 +23683,29 @@ spec:
rekor:
description: Rekor provides configuration
for the Rekor transparency log service.
- If the value is nil, Rekor is not
- checked. If an empty object is provided
- the public instance of Rekor (https://rekor.sigstore.dev)
+ If the value is nil, or an empty object
+ is provided, the public instance of
+ Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion in
+ a certificate transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use
+ for a custom Rekor. If set, is
+ used to validate signatures on
+ log entries from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -23215,6 +23967,26 @@ spec:
instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -23251,6 +24023,26 @@ spec:
Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -23306,11 +24098,30 @@ spec:
description: Rekor provides configuration
for the Rekor transparency log
service. If the value is nil,
- Rekor is not checked. If an empty
- object is provided the public
- instance of Rekor (https://rekor.sigstore.dev)
+ or an empty object is provided,
+ the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -23548,6 +24359,24 @@ spec:
instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires that
+ a certificate contain an embedded
+ SCT during verification. An SCT
+ is proof of inclusion in a certificate
+ transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use for
+ a custom Rekor. If set, is used
+ to validate signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address of
the transparency log. Defaults to
@@ -23582,6 +24411,24 @@ spec:
the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires that
+ a certificate contain an embedded
+ SCT during verification. An SCT
+ is proof of inclusion in a certificate
+ transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use for
+ a custom Rekor. If set, is used
+ to validate signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address of
the transparency log. Defaults to
@@ -23632,11 +24479,29 @@ spec:
rekor:
description: Rekor provides configuration
for the Rekor transparency log service.
- If the value is nil, Rekor is not checked.
- If an empty object is provided the public
- instance of Rekor (https://rekor.sigstore.dev)
- is used.
+ If the value is nil, or an empty object
+ is provided, the public instance of
+ Rekor (https://rekor.sigstore.dev) is
+ used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires that
+ a certificate contain an embedded
+ SCT during verification. An SCT
+ is proof of inclusion in a certificate
+ transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use for
+ a custom Rekor. If set, is used
+ to validate signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address of
the transparency log. Defaults to
@@ -26931,6 +27796,26 @@ spec:
instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -26967,6 +27852,26 @@ spec:
Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -27022,11 +27927,30 @@ spec:
description: Rekor provides configuration
for the Rekor transparency log
service. If the value is nil,
- Rekor is not checked. If an empty
- object is provided the public
- instance of Rekor (https://rekor.sigstore.dev)
+ or an empty object is provided,
+ the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -27298,6 +28222,27 @@ spec:
instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during
+ verification. An SCT is
+ proof of inclusion in
+ a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog
+ skip tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey
+ is an optional PEM encoded
+ public key to use for
+ a custom Rekor. If set,
+ is used to validate signatures
+ on log entries from Rekor.
+ type: string
url:
description: URL is the
address of the transparency
@@ -27336,6 +28281,27 @@ spec:
of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during
+ verification. An SCT is
+ proof of inclusion in
+ a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog
+ skip tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey
+ is an optional PEM encoded
+ public key to use for
+ a custom Rekor. If set,
+ is used to validate signatures
+ on log entries from Rekor.
+ type: string
url:
description: URL is the
address of the transparency
@@ -27396,12 +28362,33 @@ spec:
description: Rekor provides
configuration for the Rekor
transparency log service.
- If the value is nil, Rekor
- is not checked. If an empty
- object is provided the public
- instance of Rekor (https://rekor.sigstore.dev)
+ If the value is nil, or an
+ empty object is provided,
+ the public instance of Rekor
+ (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during
+ verification. An SCT is
+ proof of inclusion in
+ a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog
+ skip tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey
+ is an optional PEM encoded
+ public key to use for
+ a custom Rekor. If set,
+ is used to validate signatures
+ on log entries from Rekor.
+ type: string
url:
description: URL is the
address of the transparency
@@ -27649,6 +28636,26 @@ spec:
the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an
+ optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries from
+ Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -27684,6 +28691,26 @@ spec:
of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an
+ optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries from
+ Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -27737,11 +28764,31 @@ spec:
rekor:
description: Rekor provides configuration
for the Rekor transparency log service.
- If the value is nil, Rekor is not
- checked. If an empty object is provided
- the public instance of Rekor (https://rekor.sigstore.dev)
+ If the value is nil, or an empty
+ object is provided, the public instance
+ of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an
+ optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries from
+ Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -30763,6 +31810,24 @@ spec:
the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion in
+ a certificate transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use
+ for a custom Rekor. If set, is
+ used to validate signatures on
+ log entries from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -30798,6 +31863,24 @@ spec:
Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion in
+ a certificate transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use
+ for a custom Rekor. If set, is
+ used to validate signatures on
+ log entries from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -30849,11 +31932,29 @@ spec:
rekor:
description: Rekor provides configuration
for the Rekor transparency log service.
- If the value is nil, Rekor is not
- checked. If an empty object is provided
- the public instance of Rekor (https://rekor.sigstore.dev)
+ If the value is nil, or an empty object
+ is provided, the public instance of
+ Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion in
+ a certificate transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use
+ for a custom Rekor. If set, is
+ used to validate signatures on
+ log entries from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -31100,6 +32201,26 @@ spec:
instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -31136,6 +32257,26 @@ spec:
Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -31191,11 +32332,30 @@ spec:
description: Rekor provides configuration
for the Rekor transparency log
service. If the value is nil,
- Rekor is not checked. If an empty
- object is provided the public
- instance of Rekor (https://rekor.sigstore.dev)
+ or an empty object is provided,
+ the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -31433,6 +32593,24 @@ spec:
instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires that
+ a certificate contain an embedded
+ SCT during verification. An SCT
+ is proof of inclusion in a certificate
+ transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use for
+ a custom Rekor. If set, is used
+ to validate signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address of
the transparency log. Defaults to
@@ -31467,6 +32645,24 @@ spec:
the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires that
+ a certificate contain an embedded
+ SCT during verification. An SCT
+ is proof of inclusion in a certificate
+ transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use for
+ a custom Rekor. If set, is used
+ to validate signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address of
the transparency log. Defaults to
@@ -31517,11 +32713,29 @@ spec:
rekor:
description: Rekor provides configuration
for the Rekor transparency log service.
- If the value is nil, Rekor is not checked.
- If an empty object is provided the public
- instance of Rekor (https://rekor.sigstore.dev)
- is used.
+ If the value is nil, or an empty object
+ is provided, the public instance of
+ Rekor (https://rekor.sigstore.dev) is
+ used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires that
+ a certificate contain an embedded
+ SCT during verification. An SCT
+ is proof of inclusion in a certificate
+ transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use for
+ a custom Rekor. If set, is used
+ to validate signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address of
the transparency log. Defaults to
@@ -34790,6 +36004,26 @@ spec:
instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -34826,6 +36060,26 @@ spec:
Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -34881,11 +36135,30 @@ spec:
description: Rekor provides configuration
for the Rekor transparency log
service. If the value is nil,
- Rekor is not checked. If an empty
- object is provided the public
- instance of Rekor (https://rekor.sigstore.dev)
+ or an empty object is provided,
+ the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -35157,6 +36430,27 @@ spec:
instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during
+ verification. An SCT is
+ proof of inclusion in
+ a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog
+ skip tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey
+ is an optional PEM encoded
+ public key to use for
+ a custom Rekor. If set,
+ is used to validate signatures
+ on log entries from Rekor.
+ type: string
url:
description: URL is the
address of the transparency
@@ -35195,6 +36489,27 @@ spec:
of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during
+ verification. An SCT is
+ proof of inclusion in
+ a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog
+ skip tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey
+ is an optional PEM encoded
+ public key to use for
+ a custom Rekor. If set,
+ is used to validate signatures
+ on log entries from Rekor.
+ type: string
url:
description: URL is the
address of the transparency
@@ -35255,12 +36570,33 @@ spec:
description: Rekor provides
configuration for the Rekor
transparency log service.
- If the value is nil, Rekor
- is not checked. If an empty
- object is provided the public
- instance of Rekor (https://rekor.sigstore.dev)
+ If the value is nil, or an
+ empty object is provided,
+ the public instance of Rekor
+ (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during
+ verification. An SCT is
+ proof of inclusion in
+ a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog
+ skip tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey
+ is an optional PEM encoded
+ public key to use for
+ a custom Rekor. If set,
+ is used to validate signatures
+ on log entries from Rekor.
+ type: string
url:
description: URL is the
address of the transparency
@@ -35508,6 +36844,26 @@ spec:
the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an
+ optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries from
+ Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -35543,6 +36899,26 @@ spec:
of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an
+ optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries from
+ Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -35596,11 +36972,31 @@ spec:
rekor:
description: Rekor provides configuration
for the Rekor transparency log service.
- If the value is nil, Rekor is not
- checked. If an empty object is provided
- the public instance of Rekor (https://rekor.sigstore.dev)
+ If the value is nil, or an empty
+ object is provided, the public instance
+ of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an
+ optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries from
+ Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
diff --git a/config/crds/kyverno.io_clusterpolicies.yaml b/config/crds/kyverno.io_clusterpolicies.yaml
index 1950826e1f..62fdb6cb25 100644
--- a/config/crds/kyverno.io_clusterpolicies.yaml
+++ b/config/crds/kyverno.io_clusterpolicies.yaml
@@ -3019,6 +3019,24 @@ spec:
the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion in
+ a certificate transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use
+ for a custom Rekor. If set, is
+ used to validate signatures on
+ log entries from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -3054,6 +3072,24 @@ spec:
Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion in
+ a certificate transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use
+ for a custom Rekor. If set, is
+ used to validate signatures on
+ log entries from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -3105,11 +3141,29 @@ spec:
rekor:
description: Rekor provides configuration
for the Rekor transparency log service.
- If the value is nil, Rekor is not
- checked. If an empty object is provided
- the public instance of Rekor (https://rekor.sigstore.dev)
+ If the value is nil, or an empty object
+ is provided, the public instance of
+ Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion in
+ a certificate transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use
+ for a custom Rekor. If set, is
+ used to validate signatures on
+ log entries from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -3371,6 +3425,26 @@ spec:
instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -3407,6 +3481,26 @@ spec:
Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -3462,11 +3556,30 @@ spec:
description: Rekor provides configuration
for the Rekor transparency log
service. If the value is nil,
- Rekor is not checked. If an empty
- object is provided the public
- instance of Rekor (https://rekor.sigstore.dev)
+ or an empty object is provided,
+ the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -3704,6 +3817,24 @@ spec:
instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires that
+ a certificate contain an embedded
+ SCT during verification. An SCT
+ is proof of inclusion in a certificate
+ transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use for
+ a custom Rekor. If set, is used
+ to validate signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address of
the transparency log. Defaults to
@@ -3738,6 +3869,24 @@ spec:
the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires that
+ a certificate contain an embedded
+ SCT during verification. An SCT
+ is proof of inclusion in a certificate
+ transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use for
+ a custom Rekor. If set, is used
+ to validate signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address of
the transparency log. Defaults to
@@ -3788,11 +3937,29 @@ spec:
rekor:
description: Rekor provides configuration
for the Rekor transparency log service.
- If the value is nil, Rekor is not checked.
- If an empty object is provided the public
- instance of Rekor (https://rekor.sigstore.dev)
- is used.
+ If the value is nil, or an empty object
+ is provided, the public instance of
+ Rekor (https://rekor.sigstore.dev) is
+ used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires that
+ a certificate contain an embedded
+ SCT during verification. An SCT
+ is proof of inclusion in a certificate
+ transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use for
+ a custom Rekor. If set, is used
+ to validate signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address of
the transparency log. Defaults to
@@ -7086,6 +7253,26 @@ spec:
instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -7122,6 +7309,26 @@ spec:
Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -7177,11 +7384,30 @@ spec:
description: Rekor provides configuration
for the Rekor transparency log
service. If the value is nil,
- Rekor is not checked. If an empty
- object is provided the public
- instance of Rekor (https://rekor.sigstore.dev)
+ or an empty object is provided,
+ the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -7453,6 +7679,27 @@ spec:
instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during
+ verification. An SCT is
+ proof of inclusion in
+ a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog
+ skip tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey
+ is an optional PEM encoded
+ public key to use for
+ a custom Rekor. If set,
+ is used to validate signatures
+ on log entries from Rekor.
+ type: string
url:
description: URL is the
address of the transparency
@@ -7491,6 +7738,27 @@ spec:
of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during
+ verification. An SCT is
+ proof of inclusion in
+ a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog
+ skip tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey
+ is an optional PEM encoded
+ public key to use for
+ a custom Rekor. If set,
+ is used to validate signatures
+ on log entries from Rekor.
+ type: string
url:
description: URL is the
address of the transparency
@@ -7551,12 +7819,33 @@ spec:
description: Rekor provides
configuration for the Rekor
transparency log service.
- If the value is nil, Rekor
- is not checked. If an empty
- object is provided the public
- instance of Rekor (https://rekor.sigstore.dev)
+ If the value is nil, or an
+ empty object is provided,
+ the public instance of Rekor
+ (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during
+ verification. An SCT is
+ proof of inclusion in
+ a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog
+ skip tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey
+ is an optional PEM encoded
+ public key to use for
+ a custom Rekor. If set,
+ is used to validate signatures
+ on log entries from Rekor.
+ type: string
url:
description: URL is the
address of the transparency
@@ -7804,6 +8093,26 @@ spec:
the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an
+ optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries from
+ Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -7839,6 +8148,26 @@ spec:
of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an
+ optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries from
+ Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -7892,11 +8221,31 @@ spec:
rekor:
description: Rekor provides configuration
for the Rekor transparency log service.
- If the value is nil, Rekor is not
- checked. If an empty object is provided
- the public instance of Rekor (https://rekor.sigstore.dev)
+ If the value is nil, or an empty
+ object is provided, the public instance
+ of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an
+ optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries from
+ Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -10917,6 +11266,24 @@ spec:
the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion in
+ a certificate transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use
+ for a custom Rekor. If set, is
+ used to validate signatures on
+ log entries from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -10952,6 +11319,24 @@ spec:
Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion in
+ a certificate transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use
+ for a custom Rekor. If set, is
+ used to validate signatures on
+ log entries from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -11003,11 +11388,29 @@ spec:
rekor:
description: Rekor provides configuration
for the Rekor transparency log service.
- If the value is nil, Rekor is not
- checked. If an empty object is provided
- the public instance of Rekor (https://rekor.sigstore.dev)
+ If the value is nil, or an empty object
+ is provided, the public instance of
+ Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion in
+ a certificate transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use
+ for a custom Rekor. If set, is
+ used to validate signatures on
+ log entries from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -11254,6 +11657,26 @@ spec:
instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -11290,6 +11713,26 @@ spec:
Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -11345,11 +11788,30 @@ spec:
description: Rekor provides configuration
for the Rekor transparency log
service. If the value is nil,
- Rekor is not checked. If an empty
- object is provided the public
- instance of Rekor (https://rekor.sigstore.dev)
+ or an empty object is provided,
+ the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -11587,6 +12049,24 @@ spec:
instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires that
+ a certificate contain an embedded
+ SCT during verification. An SCT
+ is proof of inclusion in a certificate
+ transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use for
+ a custom Rekor. If set, is used
+ to validate signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address of
the transparency log. Defaults to
@@ -11621,6 +12101,24 @@ spec:
the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires that
+ a certificate contain an embedded
+ SCT during verification. An SCT
+ is proof of inclusion in a certificate
+ transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use for
+ a custom Rekor. If set, is used
+ to validate signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address of
the transparency log. Defaults to
@@ -11671,11 +12169,29 @@ spec:
rekor:
description: Rekor provides configuration
for the Rekor transparency log service.
- If the value is nil, Rekor is not checked.
- If an empty object is provided the public
- instance of Rekor (https://rekor.sigstore.dev)
- is used.
+ If the value is nil, or an empty object
+ is provided, the public instance of
+ Rekor (https://rekor.sigstore.dev) is
+ used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires that
+ a certificate contain an embedded
+ SCT during verification. An SCT
+ is proof of inclusion in a certificate
+ transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use for
+ a custom Rekor. If set, is used
+ to validate signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address of
the transparency log. Defaults to
@@ -14944,6 +15460,26 @@ spec:
instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -14980,6 +15516,26 @@ spec:
Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -15035,11 +15591,30 @@ spec:
description: Rekor provides configuration
for the Rekor transparency log
service. If the value is nil,
- Rekor is not checked. If an empty
- object is provided the public
- instance of Rekor (https://rekor.sigstore.dev)
+ or an empty object is provided,
+ the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -15311,6 +15886,27 @@ spec:
instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during
+ verification. An SCT is
+ proof of inclusion in
+ a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog
+ skip tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey
+ is an optional PEM encoded
+ public key to use for
+ a custom Rekor. If set,
+ is used to validate signatures
+ on log entries from Rekor.
+ type: string
url:
description: URL is the
address of the transparency
@@ -15349,6 +15945,27 @@ spec:
of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during
+ verification. An SCT is
+ proof of inclusion in
+ a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog
+ skip tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey
+ is an optional PEM encoded
+ public key to use for
+ a custom Rekor. If set,
+ is used to validate signatures
+ on log entries from Rekor.
+ type: string
url:
description: URL is the
address of the transparency
@@ -15409,12 +16026,33 @@ spec:
description: Rekor provides
configuration for the Rekor
transparency log service.
- If the value is nil, Rekor
- is not checked. If an empty
- object is provided the public
- instance of Rekor (https://rekor.sigstore.dev)
+ If the value is nil, or an
+ empty object is provided,
+ the public instance of Rekor
+ (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during
+ verification. An SCT is
+ proof of inclusion in
+ a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog
+ skip tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey
+ is an optional PEM encoded
+ public key to use for
+ a custom Rekor. If set,
+ is used to validate signatures
+ on log entries from Rekor.
+ type: string
url:
description: URL is the
address of the transparency
@@ -15662,6 +16300,26 @@ spec:
the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an
+ optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries from
+ Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -15697,6 +16355,26 @@ spec:
of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an
+ optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries from
+ Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -15750,11 +16428,31 @@ spec:
rekor:
description: Rekor provides configuration
for the Rekor transparency log service.
- If the value is nil, Rekor is not
- checked. If an empty object is provided
- the public instance of Rekor (https://rekor.sigstore.dev)
+ If the value is nil, or an empty
+ object is provided, the public instance
+ of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an
+ optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries from
+ Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
diff --git a/config/crds/kyverno.io_policies.yaml b/config/crds/kyverno.io_policies.yaml
index 301883152c..17324b7a8f 100644
--- a/config/crds/kyverno.io_policies.yaml
+++ b/config/crds/kyverno.io_policies.yaml
@@ -3020,6 +3020,24 @@ spec:
the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion in
+ a certificate transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use
+ for a custom Rekor. If set, is
+ used to validate signatures on
+ log entries from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -3055,6 +3073,24 @@ spec:
Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion in
+ a certificate transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use
+ for a custom Rekor. If set, is
+ used to validate signatures on
+ log entries from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -3106,11 +3142,29 @@ spec:
rekor:
description: Rekor provides configuration
for the Rekor transparency log service.
- If the value is nil, Rekor is not
- checked. If an empty object is provided
- the public instance of Rekor (https://rekor.sigstore.dev)
+ If the value is nil, or an empty object
+ is provided, the public instance of
+ Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion in
+ a certificate transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use
+ for a custom Rekor. If set, is
+ used to validate signatures on
+ log entries from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -3372,6 +3426,26 @@ spec:
instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -3408,6 +3482,26 @@ spec:
Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -3463,11 +3557,30 @@ spec:
description: Rekor provides configuration
for the Rekor transparency log
service. If the value is nil,
- Rekor is not checked. If an empty
- object is provided the public
- instance of Rekor (https://rekor.sigstore.dev)
+ or an empty object is provided,
+ the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -3705,6 +3818,24 @@ spec:
instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires that
+ a certificate contain an embedded
+ SCT during verification. An SCT
+ is proof of inclusion in a certificate
+ transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use for
+ a custom Rekor. If set, is used
+ to validate signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address of
the transparency log. Defaults to
@@ -3739,6 +3870,24 @@ spec:
the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires that
+ a certificate contain an embedded
+ SCT during verification. An SCT
+ is proof of inclusion in a certificate
+ transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use for
+ a custom Rekor. If set, is used
+ to validate signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address of
the transparency log. Defaults to
@@ -3789,11 +3938,29 @@ spec:
rekor:
description: Rekor provides configuration
for the Rekor transparency log service.
- If the value is nil, Rekor is not checked.
- If an empty object is provided the public
- instance of Rekor (https://rekor.sigstore.dev)
- is used.
+ If the value is nil, or an empty object
+ is provided, the public instance of
+ Rekor (https://rekor.sigstore.dev) is
+ used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires that
+ a certificate contain an embedded
+ SCT during verification. An SCT
+ is proof of inclusion in a certificate
+ transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use for
+ a custom Rekor. If set, is used
+ to validate signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address of
the transparency log. Defaults to
@@ -7088,6 +7255,26 @@ spec:
instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -7124,6 +7311,26 @@ spec:
Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -7179,11 +7386,30 @@ spec:
description: Rekor provides configuration
for the Rekor transparency log
service. If the value is nil,
- Rekor is not checked. If an empty
- object is provided the public
- instance of Rekor (https://rekor.sigstore.dev)
+ or an empty object is provided,
+ the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -7455,6 +7681,27 @@ spec:
instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during
+ verification. An SCT is
+ proof of inclusion in
+ a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog
+ skip tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey
+ is an optional PEM encoded
+ public key to use for
+ a custom Rekor. If set,
+ is used to validate signatures
+ on log entries from Rekor.
+ type: string
url:
description: URL is the
address of the transparency
@@ -7493,6 +7740,27 @@ spec:
of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during
+ verification. An SCT is
+ proof of inclusion in
+ a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog
+ skip tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey
+ is an optional PEM encoded
+ public key to use for
+ a custom Rekor. If set,
+ is used to validate signatures
+ on log entries from Rekor.
+ type: string
url:
description: URL is the
address of the transparency
@@ -7553,12 +7821,33 @@ spec:
description: Rekor provides
configuration for the Rekor
transparency log service.
- If the value is nil, Rekor
- is not checked. If an empty
- object is provided the public
- instance of Rekor (https://rekor.sigstore.dev)
+ If the value is nil, or an
+ empty object is provided,
+ the public instance of Rekor
+ (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during
+ verification. An SCT is
+ proof of inclusion in
+ a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog
+ skip tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey
+ is an optional PEM encoded
+ public key to use for
+ a custom Rekor. If set,
+ is used to validate signatures
+ on log entries from Rekor.
+ type: string
url:
description: URL is the
address of the transparency
@@ -7806,6 +8095,26 @@ spec:
the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an
+ optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries from
+ Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -7841,6 +8150,26 @@ spec:
of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an
+ optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries from
+ Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -7894,11 +8223,31 @@ spec:
rekor:
description: Rekor provides configuration
for the Rekor transparency log service.
- If the value is nil, Rekor is not
- checked. If an empty object is provided
- the public instance of Rekor (https://rekor.sigstore.dev)
+ If the value is nil, or an empty
+ object is provided, the public instance
+ of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an
+ optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries from
+ Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -10920,6 +11269,24 @@ spec:
the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion in
+ a certificate transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use
+ for a custom Rekor. If set, is
+ used to validate signatures on
+ log entries from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -10955,6 +11322,24 @@ spec:
Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion in
+ a certificate transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use
+ for a custom Rekor. If set, is
+ used to validate signatures on
+ log entries from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -11006,11 +11391,29 @@ spec:
rekor:
description: Rekor provides configuration
for the Rekor transparency log service.
- If the value is nil, Rekor is not
- checked. If an empty object is provided
- the public instance of Rekor (https://rekor.sigstore.dev)
+ If the value is nil, or an empty object
+ is provided, the public instance of
+ Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion in
+ a certificate transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use
+ for a custom Rekor. If set, is
+ used to validate signatures on
+ log entries from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -11257,6 +11660,26 @@ spec:
instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -11293,6 +11716,26 @@ spec:
Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -11348,11 +11791,30 @@ spec:
description: Rekor provides configuration
for the Rekor transparency log
service. If the value is nil,
- Rekor is not checked. If an empty
- object is provided the public
- instance of Rekor (https://rekor.sigstore.dev)
+ or an empty object is provided,
+ the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -11590,6 +12052,24 @@ spec:
instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires that
+ a certificate contain an embedded
+ SCT during verification. An SCT
+ is proof of inclusion in a certificate
+ transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use for
+ a custom Rekor. If set, is used
+ to validate signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address of
the transparency log. Defaults to
@@ -11624,6 +12104,24 @@ spec:
the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires that
+ a certificate contain an embedded
+ SCT during verification. An SCT
+ is proof of inclusion in a certificate
+ transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use for
+ a custom Rekor. If set, is used
+ to validate signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address of
the transparency log. Defaults to
@@ -11674,11 +12172,29 @@ spec:
rekor:
description: Rekor provides configuration
for the Rekor transparency log service.
- If the value is nil, Rekor is not checked.
- If an empty object is provided the public
- instance of Rekor (https://rekor.sigstore.dev)
- is used.
+ If the value is nil, or an empty object
+ is provided, the public instance of
+ Rekor (https://rekor.sigstore.dev) is
+ used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires that
+ a certificate contain an embedded
+ SCT during verification. An SCT
+ is proof of inclusion in a certificate
+ transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use for
+ a custom Rekor. If set, is used
+ to validate signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address of
the transparency log. Defaults to
@@ -14947,6 +15463,26 @@ spec:
instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -14983,6 +15519,26 @@ spec:
Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -15038,11 +15594,30 @@ spec:
description: Rekor provides configuration
for the Rekor transparency log
service. If the value is nil,
- Rekor is not checked. If an empty
- object is provided the public
- instance of Rekor (https://rekor.sigstore.dev)
+ or an empty object is provided,
+ the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -15314,6 +15889,27 @@ spec:
instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during
+ verification. An SCT is
+ proof of inclusion in
+ a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog
+ skip tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey
+ is an optional PEM encoded
+ public key to use for
+ a custom Rekor. If set,
+ is used to validate signatures
+ on log entries from Rekor.
+ type: string
url:
description: URL is the
address of the transparency
@@ -15352,6 +15948,27 @@ spec:
of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during
+ verification. An SCT is
+ proof of inclusion in
+ a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog
+ skip tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey
+ is an optional PEM encoded
+ public key to use for
+ a custom Rekor. If set,
+ is used to validate signatures
+ on log entries from Rekor.
+ type: string
url:
description: URL is the
address of the transparency
@@ -15412,12 +16029,33 @@ spec:
description: Rekor provides
configuration for the Rekor
transparency log service.
- If the value is nil, Rekor
- is not checked. If an empty
- object is provided the public
- instance of Rekor (https://rekor.sigstore.dev)
+ If the value is nil, or an
+ empty object is provided,
+ the public instance of Rekor
+ (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during
+ verification. An SCT is
+ proof of inclusion in
+ a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog
+ skip tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey
+ is an optional PEM encoded
+ public key to use for
+ a custom Rekor. If set,
+ is used to validate signatures
+ on log entries from Rekor.
+ type: string
url:
description: URL is the
address of the transparency
@@ -15665,6 +16303,26 @@ spec:
the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an
+ optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries from
+ Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -15700,6 +16358,26 @@ spec:
of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an
+ optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries from
+ Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -15753,11 +16431,31 @@ spec:
rekor:
description: Rekor provides configuration
for the Rekor transparency log service.
- If the value is nil, Rekor is not
- checked. If an empty object is provided
- the public instance of Rekor (https://rekor.sigstore.dev)
+ If the value is nil, or an empty
+ object is provided, the public instance
+ of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an
+ optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries from
+ Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
diff --git a/config/install-latest-testing.yaml b/config/install-latest-testing.yaml
index 41dc039c35..28bf33a224 100644
--- a/config/install-latest-testing.yaml
+++ b/config/install-latest-testing.yaml
@@ -7039,6 +7039,24 @@ spec:
the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion in
+ a certificate transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use
+ for a custom Rekor. If set, is
+ used to validate signatures on
+ log entries from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -7074,6 +7092,24 @@ spec:
Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion in
+ a certificate transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use
+ for a custom Rekor. If set, is
+ used to validate signatures on
+ log entries from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -7125,11 +7161,29 @@ spec:
rekor:
description: Rekor provides configuration
for the Rekor transparency log service.
- If the value is nil, Rekor is not
- checked. If an empty object is provided
- the public instance of Rekor (https://rekor.sigstore.dev)
+ If the value is nil, or an empty object
+ is provided, the public instance of
+ Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion in
+ a certificate transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use
+ for a custom Rekor. If set, is
+ used to validate signatures on
+ log entries from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -7391,6 +7445,26 @@ spec:
instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -7427,6 +7501,26 @@ spec:
Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -7482,11 +7576,30 @@ spec:
description: Rekor provides configuration
for the Rekor transparency log
service. If the value is nil,
- Rekor is not checked. If an empty
- object is provided the public
- instance of Rekor (https://rekor.sigstore.dev)
+ or an empty object is provided,
+ the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -7724,6 +7837,24 @@ spec:
instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires that
+ a certificate contain an embedded
+ SCT during verification. An SCT
+ is proof of inclusion in a certificate
+ transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use for
+ a custom Rekor. If set, is used
+ to validate signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address of
the transparency log. Defaults to
@@ -7758,6 +7889,24 @@ spec:
the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires that
+ a certificate contain an embedded
+ SCT during verification. An SCT
+ is proof of inclusion in a certificate
+ transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use for
+ a custom Rekor. If set, is used
+ to validate signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address of
the transparency log. Defaults to
@@ -7808,11 +7957,29 @@ spec:
rekor:
description: Rekor provides configuration
for the Rekor transparency log service.
- If the value is nil, Rekor is not checked.
- If an empty object is provided the public
- instance of Rekor (https://rekor.sigstore.dev)
- is used.
+ If the value is nil, or an empty object
+ is provided, the public instance of
+ Rekor (https://rekor.sigstore.dev) is
+ used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires that
+ a certificate contain an embedded
+ SCT during verification. An SCT
+ is proof of inclusion in a certificate
+ transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use for
+ a custom Rekor. If set, is used
+ to validate signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address of
the transparency log. Defaults to
@@ -11106,6 +11273,26 @@ spec:
instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -11142,6 +11329,26 @@ spec:
Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -11197,11 +11404,30 @@ spec:
description: Rekor provides configuration
for the Rekor transparency log
service. If the value is nil,
- Rekor is not checked. If an empty
- object is provided the public
- instance of Rekor (https://rekor.sigstore.dev)
+ or an empty object is provided,
+ the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -11473,6 +11699,27 @@ spec:
instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during
+ verification. An SCT is
+ proof of inclusion in
+ a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog
+ skip tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey
+ is an optional PEM encoded
+ public key to use for
+ a custom Rekor. If set,
+ is used to validate signatures
+ on log entries from Rekor.
+ type: string
url:
description: URL is the
address of the transparency
@@ -11511,6 +11758,27 @@ spec:
of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during
+ verification. An SCT is
+ proof of inclusion in
+ a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog
+ skip tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey
+ is an optional PEM encoded
+ public key to use for
+ a custom Rekor. If set,
+ is used to validate signatures
+ on log entries from Rekor.
+ type: string
url:
description: URL is the
address of the transparency
@@ -11571,12 +11839,33 @@ spec:
description: Rekor provides
configuration for the Rekor
transparency log service.
- If the value is nil, Rekor
- is not checked. If an empty
- object is provided the public
- instance of Rekor (https://rekor.sigstore.dev)
+ If the value is nil, or an
+ empty object is provided,
+ the public instance of Rekor
+ (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during
+ verification. An SCT is
+ proof of inclusion in
+ a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog
+ skip tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey
+ is an optional PEM encoded
+ public key to use for
+ a custom Rekor. If set,
+ is used to validate signatures
+ on log entries from Rekor.
+ type: string
url:
description: URL is the
address of the transparency
@@ -11824,6 +12113,26 @@ spec:
the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an
+ optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries from
+ Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -11859,6 +12168,26 @@ spec:
of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an
+ optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries from
+ Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -11912,11 +12241,31 @@ spec:
rekor:
description: Rekor provides configuration
for the Rekor transparency log service.
- If the value is nil, Rekor is not
- checked. If an empty object is provided
- the public instance of Rekor (https://rekor.sigstore.dev)
+ If the value is nil, or an empty
+ object is provided, the public instance
+ of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an
+ optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries from
+ Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -14937,6 +15286,24 @@ spec:
the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion in
+ a certificate transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use
+ for a custom Rekor. If set, is
+ used to validate signatures on
+ log entries from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -14972,6 +15339,24 @@ spec:
Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion in
+ a certificate transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use
+ for a custom Rekor. If set, is
+ used to validate signatures on
+ log entries from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -15023,11 +15408,29 @@ spec:
rekor:
description: Rekor provides configuration
for the Rekor transparency log service.
- If the value is nil, Rekor is not
- checked. If an empty object is provided
- the public instance of Rekor (https://rekor.sigstore.dev)
+ If the value is nil, or an empty object
+ is provided, the public instance of
+ Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion in
+ a certificate transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use
+ for a custom Rekor. If set, is
+ used to validate signatures on
+ log entries from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -15274,6 +15677,26 @@ spec:
instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -15310,6 +15733,26 @@ spec:
Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -15365,11 +15808,30 @@ spec:
description: Rekor provides configuration
for the Rekor transparency log
service. If the value is nil,
- Rekor is not checked. If an empty
- object is provided the public
- instance of Rekor (https://rekor.sigstore.dev)
+ or an empty object is provided,
+ the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -15607,6 +16069,24 @@ spec:
instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires that
+ a certificate contain an embedded
+ SCT during verification. An SCT
+ is proof of inclusion in a certificate
+ transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use for
+ a custom Rekor. If set, is used
+ to validate signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address of
the transparency log. Defaults to
@@ -15641,6 +16121,24 @@ spec:
the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires that
+ a certificate contain an embedded
+ SCT during verification. An SCT
+ is proof of inclusion in a certificate
+ transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use for
+ a custom Rekor. If set, is used
+ to validate signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address of
the transparency log. Defaults to
@@ -15691,11 +16189,29 @@ spec:
rekor:
description: Rekor provides configuration
for the Rekor transparency log service.
- If the value is nil, Rekor is not checked.
- If an empty object is provided the public
- instance of Rekor (https://rekor.sigstore.dev)
- is used.
+ If the value is nil, or an empty object
+ is provided, the public instance of
+ Rekor (https://rekor.sigstore.dev) is
+ used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires that
+ a certificate contain an embedded
+ SCT during verification. An SCT
+ is proof of inclusion in a certificate
+ transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use for
+ a custom Rekor. If set, is used
+ to validate signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address of
the transparency log. Defaults to
@@ -18964,6 +19480,26 @@ spec:
instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -19000,6 +19536,26 @@ spec:
Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -19055,11 +19611,30 @@ spec:
description: Rekor provides configuration
for the Rekor transparency log
service. If the value is nil,
- Rekor is not checked. If an empty
- object is provided the public
- instance of Rekor (https://rekor.sigstore.dev)
+ or an empty object is provided,
+ the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -19331,6 +19906,27 @@ spec:
instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during
+ verification. An SCT is
+ proof of inclusion in
+ a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog
+ skip tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey
+ is an optional PEM encoded
+ public key to use for
+ a custom Rekor. If set,
+ is used to validate signatures
+ on log entries from Rekor.
+ type: string
url:
description: URL is the
address of the transparency
@@ -19369,6 +19965,27 @@ spec:
of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during
+ verification. An SCT is
+ proof of inclusion in
+ a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog
+ skip tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey
+ is an optional PEM encoded
+ public key to use for
+ a custom Rekor. If set,
+ is used to validate signatures
+ on log entries from Rekor.
+ type: string
url:
description: URL is the
address of the transparency
@@ -19429,12 +20046,33 @@ spec:
description: Rekor provides
configuration for the Rekor
transparency log service.
- If the value is nil, Rekor
- is not checked. If an empty
- object is provided the public
- instance of Rekor (https://rekor.sigstore.dev)
+ If the value is nil, or an
+ empty object is provided,
+ the public instance of Rekor
+ (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during
+ verification. An SCT is
+ proof of inclusion in
+ a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog
+ skip tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey
+ is an optional PEM encoded
+ public key to use for
+ a custom Rekor. If set,
+ is used to validate signatures
+ on log entries from Rekor.
+ type: string
url:
description: URL is the
address of the transparency
@@ -19682,6 +20320,26 @@ spec:
the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an
+ optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries from
+ Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -19717,6 +20375,26 @@ spec:
of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an
+ optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries from
+ Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -19770,11 +20448,31 @@ spec:
rekor:
description: Rekor provides configuration
for the Rekor transparency log service.
- If the value is nil, Rekor is not
- checked. If an empty object is provided
- the public instance of Rekor (https://rekor.sigstore.dev)
+ If the value is nil, or an empty
+ object is provided, the public instance
+ of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an
+ optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries from
+ Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -23066,6 +23764,24 @@ spec:
the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion in
+ a certificate transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use
+ for a custom Rekor. If set, is
+ used to validate signatures on
+ log entries from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -23101,6 +23817,24 @@ spec:
Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion in
+ a certificate transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use
+ for a custom Rekor. If set, is
+ used to validate signatures on
+ log entries from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -23152,11 +23886,29 @@ spec:
rekor:
description: Rekor provides configuration
for the Rekor transparency log service.
- If the value is nil, Rekor is not
- checked. If an empty object is provided
- the public instance of Rekor (https://rekor.sigstore.dev)
+ If the value is nil, or an empty object
+ is provided, the public instance of
+ Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion in
+ a certificate transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use
+ for a custom Rekor. If set, is
+ used to validate signatures on
+ log entries from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -23418,6 +24170,26 @@ spec:
instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -23454,6 +24226,26 @@ spec:
Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -23509,11 +24301,30 @@ spec:
description: Rekor provides configuration
for the Rekor transparency log
service. If the value is nil,
- Rekor is not checked. If an empty
- object is provided the public
- instance of Rekor (https://rekor.sigstore.dev)
+ or an empty object is provided,
+ the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -23751,6 +24562,24 @@ spec:
instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires that
+ a certificate contain an embedded
+ SCT during verification. An SCT
+ is proof of inclusion in a certificate
+ transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use for
+ a custom Rekor. If set, is used
+ to validate signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address of
the transparency log. Defaults to
@@ -23785,6 +24614,24 @@ spec:
the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires that
+ a certificate contain an embedded
+ SCT during verification. An SCT
+ is proof of inclusion in a certificate
+ transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use for
+ a custom Rekor. If set, is used
+ to validate signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address of
the transparency log. Defaults to
@@ -23835,11 +24682,29 @@ spec:
rekor:
description: Rekor provides configuration
for the Rekor transparency log service.
- If the value is nil, Rekor is not checked.
- If an empty object is provided the public
- instance of Rekor (https://rekor.sigstore.dev)
- is used.
+ If the value is nil, or an empty object
+ is provided, the public instance of
+ Rekor (https://rekor.sigstore.dev) is
+ used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires that
+ a certificate contain an embedded
+ SCT during verification. An SCT
+ is proof of inclusion in a certificate
+ transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use for
+ a custom Rekor. If set, is used
+ to validate signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address of
the transparency log. Defaults to
@@ -27134,6 +27999,26 @@ spec:
instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -27170,6 +28055,26 @@ spec:
Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -27225,11 +28130,30 @@ spec:
description: Rekor provides configuration
for the Rekor transparency log
service. If the value is nil,
- Rekor is not checked. If an empty
- object is provided the public
- instance of Rekor (https://rekor.sigstore.dev)
+ or an empty object is provided,
+ the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -27501,6 +28425,27 @@ spec:
instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during
+ verification. An SCT is
+ proof of inclusion in
+ a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog
+ skip tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey
+ is an optional PEM encoded
+ public key to use for
+ a custom Rekor. If set,
+ is used to validate signatures
+ on log entries from Rekor.
+ type: string
url:
description: URL is the
address of the transparency
@@ -27539,6 +28484,27 @@ spec:
of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during
+ verification. An SCT is
+ proof of inclusion in
+ a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog
+ skip tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey
+ is an optional PEM encoded
+ public key to use for
+ a custom Rekor. If set,
+ is used to validate signatures
+ on log entries from Rekor.
+ type: string
url:
description: URL is the
address of the transparency
@@ -27599,12 +28565,33 @@ spec:
description: Rekor provides
configuration for the Rekor
transparency log service.
- If the value is nil, Rekor
- is not checked. If an empty
- object is provided the public
- instance of Rekor (https://rekor.sigstore.dev)
+ If the value is nil, or an
+ empty object is provided,
+ the public instance of Rekor
+ (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during
+ verification. An SCT is
+ proof of inclusion in
+ a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog
+ skip tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey
+ is an optional PEM encoded
+ public key to use for
+ a custom Rekor. If set,
+ is used to validate signatures
+ on log entries from Rekor.
+ type: string
url:
description: URL is the
address of the transparency
@@ -27852,6 +28839,26 @@ spec:
the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an
+ optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries from
+ Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -27887,6 +28894,26 @@ spec:
of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an
+ optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries from
+ Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -27940,11 +28967,31 @@ spec:
rekor:
description: Rekor provides configuration
for the Rekor transparency log service.
- If the value is nil, Rekor is not
- checked. If an empty object is provided
- the public instance of Rekor (https://rekor.sigstore.dev)
+ If the value is nil, or an empty
+ object is provided, the public instance
+ of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an
+ optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries from
+ Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -30966,6 +32013,24 @@ spec:
the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion in
+ a certificate transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use
+ for a custom Rekor. If set, is
+ used to validate signatures on
+ log entries from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -31001,6 +32066,24 @@ spec:
Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion in
+ a certificate transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use
+ for a custom Rekor. If set, is
+ used to validate signatures on
+ log entries from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -31052,11 +32135,29 @@ spec:
rekor:
description: Rekor provides configuration
for the Rekor transparency log service.
- If the value is nil, Rekor is not
- checked. If an empty object is provided
- the public instance of Rekor (https://rekor.sigstore.dev)
+ If the value is nil, or an empty object
+ is provided, the public instance of
+ Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion in
+ a certificate transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use
+ for a custom Rekor. If set, is
+ used to validate signatures on
+ log entries from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -31303,6 +32404,26 @@ spec:
instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -31339,6 +32460,26 @@ spec:
Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -31394,11 +32535,30 @@ spec:
description: Rekor provides configuration
for the Rekor transparency log
service. If the value is nil,
- Rekor is not checked. If an empty
- object is provided the public
- instance of Rekor (https://rekor.sigstore.dev)
+ or an empty object is provided,
+ the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -31636,6 +32796,24 @@ spec:
instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires that
+ a certificate contain an embedded
+ SCT during verification. An SCT
+ is proof of inclusion in a certificate
+ transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use for
+ a custom Rekor. If set, is used
+ to validate signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address of
the transparency log. Defaults to
@@ -31670,6 +32848,24 @@ spec:
the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires that
+ a certificate contain an embedded
+ SCT during verification. An SCT
+ is proof of inclusion in a certificate
+ transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use for
+ a custom Rekor. If set, is used
+ to validate signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address of
the transparency log. Defaults to
@@ -31720,11 +32916,29 @@ spec:
rekor:
description: Rekor provides configuration
for the Rekor transparency log service.
- If the value is nil, Rekor is not checked.
- If an empty object is provided the public
- instance of Rekor (https://rekor.sigstore.dev)
- is used.
+ If the value is nil, or an empty object
+ is provided, the public instance of
+ Rekor (https://rekor.sigstore.dev) is
+ used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires that
+ a certificate contain an embedded
+ SCT during verification. An SCT
+ is proof of inclusion in a certificate
+ transparency log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an optional
+ PEM encoded public key to use for
+ a custom Rekor. If set, is used
+ to validate signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address of
the transparency log. Defaults to
@@ -34993,6 +36207,26 @@ spec:
instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -35029,6 +36263,26 @@ spec:
Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -35084,11 +36338,30 @@ spec:
description: Rekor provides configuration
for the Rekor transparency log
service. If the value is nil,
- Rekor is not checked. If an empty
- object is provided the public
- instance of Rekor (https://rekor.sigstore.dev)
+ or an empty object is provided,
+ the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip
+ tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is
+ an optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries
+ from Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -35360,6 +36633,27 @@ spec:
instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during
+ verification. An SCT is
+ proof of inclusion in
+ a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog
+ skip tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey
+ is an optional PEM encoded
+ public key to use for
+ a custom Rekor. If set,
+ is used to validate signatures
+ on log entries from Rekor.
+ type: string
url:
description: URL is the
address of the transparency
@@ -35398,6 +36692,27 @@ spec:
of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during
+ verification. An SCT is
+ proof of inclusion in
+ a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog
+ skip tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey
+ is an optional PEM encoded
+ public key to use for
+ a custom Rekor. If set,
+ is used to validate signatures
+ on log entries from Rekor.
+ type: string
url:
description: URL is the
address of the transparency
@@ -35458,12 +36773,33 @@ spec:
description: Rekor provides
configuration for the Rekor
transparency log service.
- If the value is nil, Rekor
- is not checked. If an empty
- object is provided the public
- instance of Rekor (https://rekor.sigstore.dev)
+ If the value is nil, or an
+ empty object is provided,
+ the public instance of Rekor
+ (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain
+ an embedded SCT during
+ verification. An SCT is
+ proof of inclusion in
+ a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog
+ skip tlog verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey
+ is an optional PEM encoded
+ public key to use for
+ a custom Rekor. If set,
+ is used to validate signatures
+ on log entries from Rekor.
+ type: string
url:
description: URL is the
address of the transparency
@@ -35711,6 +37047,26 @@ spec:
the public instance of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an
+ optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries from
+ Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -35746,6 +37102,26 @@ spec:
of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an
+ optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries from
+ Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
@@ -35799,11 +37175,31 @@ spec:
rekor:
description: Rekor provides configuration
for the Rekor transparency log service.
- If the value is nil, Rekor is not
- checked. If an empty object is provided
- the public instance of Rekor (https://rekor.sigstore.dev)
+ If the value is nil, or an empty
+ object is provided, the public instance
+ of Rekor (https://rekor.sigstore.dev)
is used.
properties:
+ ignoreSCT:
+ description: IgnoreSCT requires
+ that a certificate contain an
+ embedded SCT during verification.
+ An SCT is proof of inclusion
+ in a certificate transparency
+ log.
+ type: boolean
+ ignoreTlog:
+ description: IgnoreTlog skip tlog
+ verification
+ type: boolean
+ pubkey:
+ description: RekorPubKey is an
+ optional PEM encoded public
+ key to use for a custom Rekor.
+ If set, is used to validate
+ signatures on log entries from
+ Rekor.
+ type: string
url:
description: URL is the address
of the transparency log. Defaults
diff --git a/docs/user/crd/index.html b/docs/user/crd/index.html
index 5ed81fbc6d..40b63ee24b 100644
--- a/docs/user/crd/index.html
+++ b/docs/user/crd/index.html
@@ -1098,6 +1098,40 @@ string
URL is the address of the transparency log. Defaults to the public log https://rekor.sigstore.dev.
+
+
+pubkey
+
+string
+
+ |
+
+ RekorPubKey is an optional PEM encoded public key to use for a custom Rekor.
+If set, is used to validate signatures on log entries from Rekor.
+ |
+
+
+
+ignoreSCT
+
+bool
+
+ |
+
+ IgnoreSCT requires that a certificate contain an embedded SCT during verification. An SCT is proof of inclusion in a certificate transparency log.
+ |
+
+
+
+ignoreTlog
+
+bool
+
+ |
+
+ IgnoreTlog skip tlog verification
+ |
+
@@ -3816,7 +3850,7 @@ CTLog
Rekor provides configuration for the Rekor transparency log service. If the value is nil,
-Rekor is not checked. If an empty object is provided the public instance of
+or an empty object is provided, the public instance of
Rekor (https://rekor.sigstore.dev) is used.
|
diff --git a/go.mod b/go.mod
index 3c73ef7398..ad6fbd7a82 100644
--- a/go.mod
+++ b/go.mod
@@ -23,7 +23,7 @@ require (
github.com/google/gnostic v0.6.9
github.com/google/go-containerregistry v0.16.1
github.com/google/go-containerregistry/pkg/authn/kubernetes v0.0.0-20230403180904-b8d1c0a1df12
- github.com/in-toto/in-toto-golang v0.6.0
+ github.com/in-toto/in-toto-golang v0.9.0
github.com/jmoiron/jsonq v0.0.0-20150511023944-e874b168d07e
github.com/julienschmidt/httprouter v1.3.0
github.com/kataras/tablewriter v0.0.0-20180708051242-e063d29b7c23
@@ -39,9 +39,14 @@ require (
github.com/pkg/errors v0.9.1
github.com/prometheus/client_golang v1.16.0
github.com/robfig/cron v1.2.0
- github.com/sigstore/cosign v1.13.1
- github.com/sigstore/k8s-manifest-sigstore v0.4.4
- github.com/sigstore/sigstore v1.5.2
+ github.com/sigstore/cosign/v2 v2.1.1
+ github.com/sigstore/k8s-manifest-sigstore v0.5.1
+ github.com/sigstore/rekor v1.2.2-0.20230530122220-67cc9e58bd23
+ github.com/sigstore/sigstore v1.7.1
+ github.com/sigstore/sigstore/pkg/signature/kms/aws v1.7.1
+ github.com/sigstore/sigstore/pkg/signature/kms/azure v1.7.1
+ github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.7.1
+ github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.7.1
github.com/spf13/cobra v1.7.0
github.com/stretchr/testify v1.8.4
github.com/zach-klippenstein/goregen v0.0.0-20160303162051-795b5e3961ea
@@ -81,6 +86,7 @@ require (
sigs.k8s.io/controller-runtime v0.15.1
sigs.k8s.io/kustomize/api v0.13.4
sigs.k8s.io/kustomize/kyaml v0.14.2
+ sigs.k8s.io/release-utils v0.7.4
sigs.k8s.io/structured-merge-diff/v4 v4.3.0
sigs.k8s.io/yaml v1.3.0
)
@@ -94,25 +100,30 @@ require (
require (
cloud.google.com/go/compute/metadata v0.2.3 // indirect
- cloud.google.com/go/iam v1.0.0 // indirect
- cloud.google.com/go/kms v1.10.1 // indirect
- cuelang.org/go v0.4.3 // indirect
+ cloud.google.com/go/iam v1.1.0 // indirect
+ cloud.google.com/go/kms v1.12.1 // indirect
+ cuelang.org/go v0.5.0 // indirect
dario.cat/mergo v1.0.0 // indirect
+ filippo.io/edwards25519 v1.0.0 // indirect
github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudsdkgo/helper v0.2.0 // indirect
github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect
+ github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.1 // indirect
+ github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0 // indirect
+ github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 // indirect
+ github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v0.12.0 // indirect
+ github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v0.8.0 // indirect
github.com/Azure/go-autorest v14.2.0+incompatible // indirect
- github.com/Azure/go-autorest/autorest v0.11.28 // indirect
+ github.com/Azure/go-autorest/autorest v0.11.29 // indirect
github.com/Azure/go-autorest/autorest/adal v0.9.23 // indirect
github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 // indirect
github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 // indirect
github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
- github.com/Azure/go-autorest/autorest/to v0.4.0 // indirect
- github.com/Azure/go-autorest/autorest/validation v0.3.1 // indirect
github.com/Azure/go-autorest/logger v0.2.1 // indirect
github.com/Azure/go-autorest/tracing v0.6.0 // indirect
github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
+ github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0 // indirect
github.com/Masterminds/goutils v1.1.1 // indirect
- github.com/Masterminds/semver/v3 v3.2.0 // indirect
+ github.com/Masterminds/semver/v3 v3.2.1 // indirect
github.com/Microsoft/go-winio v0.6.1 // indirect
github.com/OneOfOne/xxhash v1.2.8 // indirect
github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95 // indirect
@@ -130,23 +141,24 @@ require (
github.com/alibabacloud-go/tea-utils v1.4.5 // indirect
github.com/alibabacloud-go/tea-xml v1.1.3 // indirect
github.com/aliyun/credentials-go v1.2.7 // indirect
- github.com/aws/aws-sdk-go-v2 v1.17.7 // indirect
- github.com/aws/aws-sdk-go-v2/config v1.18.19 // indirect
- github.com/aws/aws-sdk-go-v2/credentials v1.13.18 // indirect
- github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.1 // indirect
- github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.31 // indirect
- github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.25 // indirect
- github.com/aws/aws-sdk-go-v2/internal/ini v1.3.32 // indirect
+ github.com/aws/aws-sdk-go-v2 v1.18.1 // indirect
+ github.com/aws/aws-sdk-go-v2/config v1.18.27 // indirect
+ github.com/aws/aws-sdk-go-v2/credentials v1.13.26 // indirect
+ github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.4 // indirect
+ github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34 // indirect
+ github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28 // indirect
+ github.com/aws/aws-sdk-go-v2/internal/ini v1.3.35 // indirect
github.com/aws/aws-sdk-go-v2/service/ecr v1.18.7 // indirect
github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.15.6 // indirect
- github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.25 // indirect
- github.com/aws/aws-sdk-go-v2/service/kms v1.20.8 // indirect
- github.com/aws/aws-sdk-go-v2/service/sso v1.12.6 // indirect
- github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.6 // indirect
- github.com/aws/aws-sdk-go-v2/service/sts v1.18.7 // indirect
+ github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28 // indirect
+ github.com/aws/aws-sdk-go-v2/service/kms v1.22.2 // indirect
+ github.com/aws/aws-sdk-go-v2/service/sso v1.12.12 // indirect
+ github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.12 // indirect
+ github.com/aws/aws-sdk-go-v2/service/sts v1.19.2 // indirect
github.com/aws/smithy-go v1.13.5 // indirect
github.com/beorn7/perks v1.0.1 // indirect
github.com/blang/semver v3.5.1+incompatible // indirect
+ github.com/buildkite/agent/v3 v3.49.0 // indirect
github.com/cenkalti/backoff/v3 v3.2.2 // indirect
github.com/cenkalti/backoff/v4 v4.2.1 // indirect
github.com/cespare/xxhash/v2 v2.2.0 // indirect
@@ -155,9 +167,11 @@ require (
github.com/cockroachdb/apd/v2 v2.0.2 // indirect
github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be // indirect
github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect
- github.com/coreos/go-oidc/v3 v3.5.0 // indirect
+ github.com/coreos/go-oidc/v3 v3.6.0 // indirect
github.com/cyberphone/json-canonicalization v0.0.0-20220623050100-57a0ce2678a7 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
+ github.com/digitorus/pkcs7 v0.0.0-20221212123742-001c36b64ec3 // indirect
+ github.com/digitorus/timestamp v0.0.0-20221019182153-ef3b63b79b31 // indirect
github.com/dimchansky/utfbom v1.1.1 // indirect
github.com/djherbis/times v1.5.0 // indirect
github.com/docker/cli v24.0.0+incompatible // indirect
@@ -172,6 +186,7 @@ require (
github.com/felixge/httpsnoop v1.0.3 // indirect
github.com/fsnotify/fsnotify v1.6.0 // indirect
github.com/fxamacker/cbor/v2 v2.4.0 // indirect
+ github.com/gabriel-vasile/mimetype v1.4.2 // indirect
github.com/go-asn1-ber/asn1-ber v1.5.4 // indirect
github.com/go-chi/chi v4.1.2+incompatible // indirect
github.com/go-errors/errors v1.4.2 // indirect
@@ -184,15 +199,15 @@ require (
github.com/go-openapi/jsonpointer v0.19.6 // indirect
github.com/go-openapi/jsonreference v0.20.2 // indirect
github.com/go-openapi/loads v0.21.2 // indirect
- github.com/go-openapi/runtime v0.25.0 // indirect
- github.com/go-openapi/spec v0.20.8 // indirect
+ github.com/go-openapi/runtime v0.26.0 // indirect
+ github.com/go-openapi/spec v0.20.9 // indirect
github.com/go-openapi/strfmt v0.21.7 // indirect
- github.com/go-openapi/swag v0.22.3 // indirect
+ github.com/go-openapi/swag v0.22.4 // indirect
github.com/go-openapi/validate v0.22.1 // indirect
github.com/go-piv/piv-go v1.11.0 // indirect
github.com/go-playground/locales v0.14.1 // indirect
github.com/go-playground/universal-translator v0.18.1 // indirect
- github.com/go-playground/validator/v10 v10.12.0 // indirect
+ github.com/go-playground/validator/v10 v10.14.0 // indirect
github.com/gobwas/glob v0.2.3 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
@@ -201,18 +216,17 @@ require (
github.com/golang/protobuf v1.5.3 // indirect
github.com/golang/snappy v0.0.4 // indirect
github.com/google/btree v1.1.2 // indirect
- github.com/google/certificate-transparency-go v1.1.4 // indirect
+ github.com/google/certificate-transparency-go v1.1.6 // indirect
github.com/google/go-cmp v0.5.9 // indirect
- github.com/google/go-github/v45 v45.2.0 // indirect
+ github.com/google/go-github/v50 v50.2.0 // indirect
github.com/google/go-querystring v1.1.0 // indirect
github.com/google/gofuzz v1.2.0 // indirect
github.com/google/gxui v0.0.0-20151028112939-f85e0a97b3a4 // indirect
- github.com/google/s2a-go v0.1.3 // indirect
+ github.com/google/s2a-go v0.1.4 // indirect
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
- github.com/google/trillian v1.5.1 // indirect
github.com/google/uuid v1.3.0 // indirect
- github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect
- github.com/googleapis/gax-go/v2 v2.8.0 // indirect
+ github.com/googleapis/enterprise-certificate-proxy v0.2.4 // indirect
+ github.com/googleapis/gax-go/v2 v2.11.0 // indirect
github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
github.com/grpc-ecosystem/grpc-gateway/v2 v2.15.2 // indirect
github.com/hashicorp/errwrap v1.1.0 // indirect
@@ -224,20 +238,21 @@ require (
github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
github.com/hashicorp/go-sockaddr v1.0.2 // indirect
github.com/hashicorp/hcl v1.0.0 // indirect
- github.com/hashicorp/vault/api v1.9.0 // indirect
+ github.com/hashicorp/vault/api v1.9.2 // indirect
github.com/huandu/xstrings v1.3.3 // indirect
github.com/imdario/mergo v0.3.15 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
github.com/jedisct1/go-minisign v0.0.0-20230211184525-1f273d8dc776 // indirect
- github.com/jellydator/ttlcache/v2 v2.11.1 // indirect
+ github.com/jellydator/ttlcache/v3 v3.0.1 // indirect
github.com/jinzhu/copier v0.3.5 // indirect
github.com/jmespath/go-jmespath v0.4.0 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/kevinburke/ssh_config v1.2.0 // indirect
github.com/klauspost/compress v1.16.5 // indirect
- github.com/leodido/go-urn v1.2.2 // indirect
+ github.com/kylelemons/godebug v1.1.0 // indirect
+ github.com/leodido/go-urn v1.2.4 // indirect
github.com/letsencrypt/boulder v0.0.0-20230331213904-8c67769be400 // indirect
github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
github.com/magiconair/properties v1.8.7 // indirect
@@ -258,15 +273,18 @@ require (
github.com/mozillazg/docker-credential-acr-helper v0.3.0 // indirect
github.com/mpvl/unique v0.0.0-20150818121801-cbe035fff7de // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+ github.com/nozzle/throttler v0.0.0-20180817012639-2ea982251481 // indirect
github.com/nxadm/tail v1.4.8 // indirect
github.com/oklog/ulid v1.3.1 // indirect
github.com/oliveagle/jsonpath v0.0.0-20180606110733-2e52cf6e6852 // indirect
github.com/open-policy-agent/gatekeeper v0.0.0-20210824170141-dd97b8a7e966 // indirect
- github.com/open-policy-agent/opa v0.51.0 // indirect
+ github.com/open-policy-agent/opa v0.52.0 // indirect
github.com/opentracing/opentracing-go v1.2.0 // indirect
- github.com/pelletier/go-toml/v2 v2.0.7 // indirect
+ github.com/pborman/uuid v1.2.1 // indirect
+ github.com/pelletier/go-toml/v2 v2.0.8 // indirect
github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
github.com/pjbgf/sha1cd v0.3.0 // indirect
+ github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/prometheus/client_model v0.4.0 // indirect
github.com/prometheus/common v0.42.0 // indirect
@@ -276,37 +294,36 @@ require (
github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
github.com/rivo/uniseg v0.4.4 // indirect
github.com/ryanuber/go-glob v1.0.0 // indirect
- github.com/sassoftware/relic v0.0.0-20210427151427-dfb082b79b74 // indirect
- github.com/secure-systems-lab/go-securesystemslib v0.4.0 // indirect
+ github.com/sassoftware/relic v7.2.1+incompatible // indirect
+ github.com/secure-systems-lab/go-securesystemslib v0.6.0 // indirect
github.com/segmentio/ksuid v1.0.4 // indirect
github.com/sergi/go-diff v1.3.1 // indirect
github.com/shibumi/go-pathspec v1.3.0 // indirect
github.com/shopspring/decimal v1.2.0 // indirect
- github.com/sigstore/fulcio v1.1.0 // indirect
- github.com/sigstore/rekor v1.0.1 // indirect
- github.com/sirupsen/logrus v1.9.1 // indirect
+ github.com/sigstore/fulcio v1.3.1 // indirect
+ github.com/sigstore/timestamp-authority v1.1.1 // indirect
+ github.com/sirupsen/logrus v1.9.3 // indirect
github.com/skeema/knownhosts v1.2.0 // indirect
github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect
github.com/spf13/afero v1.9.5 // indirect
- github.com/spf13/cast v1.5.0 // indirect
+ github.com/spf13/cast v1.5.1 // indirect
github.com/spf13/jwalterweatherman v1.1.0 // indirect
github.com/spf13/pflag v1.0.5 // indirect
- github.com/spf13/viper v1.15.0 // indirect
- github.com/spiffe/go-spiffe/v2 v2.1.3 // indirect
+ github.com/spf13/viper v1.16.0 // indirect
+ github.com/spiffe/go-spiffe/v2 v2.1.6 // indirect
github.com/subosito/gotenv v1.4.2 // indirect
github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d // indirect
github.com/tchap/go-patricia/v2 v2.3.1 // indirect
github.com/tektoncd/chains v0.15.0 // indirect
- github.com/tent/canonical-json-go v0.0.0-20130607151641-96e4ba3a7613 // indirect
github.com/thales-e-security/pool v0.0.2 // indirect
github.com/theupdateframework/go-tuf v0.5.2 // indirect
github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
github.com/tjfoc/gmsm v1.4.1 // indirect
- github.com/transparency-dev/merkle v0.0.1 // indirect
+ github.com/transparency-dev/merkle v0.0.2 // indirect
github.com/vbatts/tar-split v0.11.3 // indirect
github.com/veraison/go-cose v1.1.0 // indirect
github.com/x448/float16 v0.8.4 // indirect
- github.com/xanzy/go-gitlab v0.81.0 // indirect
+ github.com/xanzy/go-gitlab v0.86.0 // indirect
github.com/xanzy/ssh-agent v0.3.3 // indirect
github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
@@ -319,19 +336,20 @@ require (
go.opentelemetry.io/otel/exporters/otlp/otlpmetric v0.39.0 // indirect
go.opentelemetry.io/proto/otlp v0.19.0 // indirect
go.starlark.net v0.0.0-20230302034142-4b1e35fe2254 // indirect
+ go.step.sm/crypto v0.32.1 // indirect
golang.org/x/mod v0.12.0 // indirect
golang.org/x/net v0.12.0 // indirect
- golang.org/x/oauth2 v0.8.0 // indirect
+ golang.org/x/oauth2 v0.9.0 // indirect
golang.org/x/sync v0.3.0 // indirect
golang.org/x/sys v0.11.0 // indirect
golang.org/x/term v0.11.0 // indirect
golang.org/x/time v0.3.0 // indirect
golang.org/x/tools v0.9.3 // indirect
- google.golang.org/api v0.122.0 // indirect
+ google.golang.org/api v0.128.0 // indirect
google.golang.org/appengine v1.6.7 // indirect
- google.golang.org/genproto v0.0.0-20230526161137-0005af68ea54 // indirect
- google.golang.org/genproto/googleapis/api v0.0.0-20230525234035-dd9d682886f9 // indirect
- google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19 // indirect
+ google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc // indirect
+ google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc // indirect
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc // indirect
google.golang.org/protobuf v1.30.0 // indirect
gopkg.in/go-jose/go-jose.v2 v2.6.1 // indirect
gopkg.in/ini.v1 v1.67.0 // indirect
@@ -342,5 +360,4 @@ require (
k8s.io/kubectl v0.26.3 // indirect
oras.land/oras-go/v2 v2.2.1 // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
- sigs.k8s.io/release-utils v0.7.3 // indirect
)
diff --git a/go.sum b/go.sum
index cde900074c..aa040cab34 100644
--- a/go.sum
+++ b/go.sum
@@ -20,7 +20,7 @@ cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHOb
cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI=
cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk=
cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPTY=
-cloud.google.com/go v0.110.0 h1:Zc8gqp3+a9/Eyph2KDmcGaPtbKRIoqq4YTlL4NMD0Ys=
+cloud.google.com/go v0.110.2 h1:sdFPBr6xG9/wkBbfhmUz/JmZC7X6LavQgcrVINrKiVA=
cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
@@ -29,17 +29,15 @@ cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4g
cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
cloud.google.com/go/compute v1.19.3 h1:DcTwsFgGev/wV5+q8o2fzgcHOaac+DKGC91ZlvpsQds=
cloud.google.com/go/compute v1.19.3/go.mod h1:qxvISKp/gYnXkSAD1ppcSOveRAmzxicEv/JlizULFrI=
-cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k=
cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk=
-cloud.google.com/go/iam v1.0.0 h1:hlQJMovyJJwYjZcTohUH4o1L8Z8kYz+E+W/zktiLCBc=
-cloud.google.com/go/iam v1.0.0/go.mod h1:ikbQ4f1r91wTmBmmOtBCOtuEOei6taatNXytzB7Cxew=
-cloud.google.com/go/kms v1.10.1 h1:7hm1bRqGCA1GBRQUrp831TwJ9TWhP+tvLuP497CQS2g=
-cloud.google.com/go/kms v1.10.1/go.mod h1:rIWk/TryCkR59GMC3YtHtXeLzd634lBbKenvyySAyYI=
-cloud.google.com/go/longrunning v0.4.1 h1:v+yFJOfKC3yZdY6ZUI933pIYdhyhV8S3NpWrXWmg7jM=
+cloud.google.com/go/iam v1.1.0 h1:67gSqaPukx7O8WLLHMa0PNs3EBGd2eE4d+psbO/CO94=
+cloud.google.com/go/iam v1.1.0/go.mod h1:nxdHjaKfCr7fNYx/HJMM8LgiMugmveWlkatear5gVyk=
+cloud.google.com/go/kms v1.12.1 h1:xZmZuwy2cwzsocmKDOPu4BL7umg8QXagQx6fKVmf45U=
+cloud.google.com/go/kms v1.12.1/go.mod h1:c9J991h5DTl+kg7gi3MYomh12YEENGrf48ee/N/2CDM=
cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
@@ -54,25 +52,39 @@ cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9
cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo=
contrib.go.opencensus.io/exporter/prometheus v0.3.0/go.mod h1:rpCPVQKhiyH8oomWgm34ZmgIdZa8OVYO5WAIygPbBBE=
contrib.go.opencensus.io/exporter/stackdriver v0.13.4/go.mod h1:aXENhDJ1Y4lIg4EUaVTwzvYETVNZk10Pu26tevFKLUc=
-cuelang.org/go v0.4.3 h1:W3oBBjDTm7+IZfCKZAmC8uDG0eYfJL4Pp/xbbCMKaVo=
-cuelang.org/go v0.4.3/go.mod h1:7805vR9H+VoBNdWFdI7jyDR3QLUPp4+naHfbcgp55HI=
+cuelang.org/go v0.5.0 h1:D6N0UgTGJCOxFKU8RU+qYvavKNsVc/+ZobmifStVJzU=
+cuelang.org/go v0.5.0/go.mod h1:okjJBHFQFer+a41sAe2SaGm1glWS8oEb6CmJvn5Zdws=
dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk=
dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
+filippo.io/edwards25519 v1.0.0 h1:0wAIcmJUqRdI8IJ/3eGi5/HwXZWPujYXXlkrQogz0Ek=
+filippo.io/edwards25519 v1.0.0/go.mod h1:N1IkdkCkiLB6tki+MYJoSx2JTY9NUlxZE7eHn5EwJns=
+github.com/AdamKorcz/go-fuzz-headers-1 v0.0.0-20230329111138-12e09aba5ebd h1:1tbEqR4NyQLgiod7vLXSswHteGetAVZrMGCqrJxLKRs=
github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudsdkgo/helper v0.2.0 h1:8+4G8JaejP8Xa6W46PzJEwisNgBXMvFcz78N6zG/ARw=
github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudsdkgo/helper v0.2.0/go.mod h1:GgeIE+1be8Ivm7Sh4RgwI42aTtC9qrcj+Y9Y6CjJhJs=
github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU=
github.com/Azure/azure-sdk-for-go v68.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.1 h1:SEy2xmstIphdPwNBUi7uhvjyjhVKISfwjfOJmuy7kg4=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.1/go.mod h1:bjGvMhVMb+EEm3VRNQawDMUyMMjo+S5ewNjflkep/0Q=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0 h1:vcYCAze6p19qBW7MhZybIsqD8sMV8js0NyQM8JDnVtg=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0/go.mod h1:OQeznEEkTZ9OrhHJoDD8ZDq51FHgXjqtP9z6bEwBq9U=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 h1:sXr+ck84g/ZlZUOZiNELInmMgOsuGwdjjVkEIde0OtY=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0/go.mod h1:okt5dMMTOFjX/aovMlrjvvXoPMBVSPzk9185BT0+eZM=
+github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v0.12.0 h1:4Kynh6Hn2ekyIsBgNQJb3dn1+/MyvzfUJebti2emB/A=
+github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v0.12.0/go.mod h1:Q28U+75mpCaSCDowNEmhIo/rmgdkqmkmzI7N6TGR4UY=
+github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v0.8.0 h1:T028gtTPiYt/RMUfs8nVsAL7FDQrfLlrm/NnRG/zcC4=
+github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v0.8.0/go.mod h1:cw4zVQgBby0Z5f2v0itn6se2dDP17nTjbZFXW5uPyHA=
github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs=
github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
github.com/Azure/go-autorest/autorest v0.11.1/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw=
github.com/Azure/go-autorest/autorest v0.11.24/go.mod h1:G6kyRlFnTuSbEYkQGawPfsCswgme4iYf6rfSKUDzbCc=
-github.com/Azure/go-autorest/autorest v0.11.28 h1:ndAExarwr5Y+GaHE6VCaY1kyS/HwwGGyuimVhWsHOEM=
-github.com/Azure/go-autorest/autorest v0.11.28/go.mod h1:MrkzG3Y3AH668QyF9KRk5neJnGgmhQ6krbhR8Q5eMvA=
+github.com/Azure/go-autorest/autorest v0.11.29 h1:I4+HL/JDvErx2LjyzaVxllw2lRDB5/BT2Bm4g20iqYw=
+github.com/Azure/go-autorest/autorest v0.11.29/go.mod h1:ZtEzC4Jy2JDrZLxvWs8LrBWEBycl1hbT1eknI8MtfAs=
github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg=
github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A=
github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ=
+github.com/Azure/go-autorest/autorest/adal v0.9.22/go.mod h1:XuAbAEUv2Tta//+voMI038TrJBqjKam0me7qR+L8Cmk=
github.com/Azure/go-autorest/autorest/adal v0.9.23 h1:Yepx8CvFxwNKpH6ja7RZ+sKX+DWYNldbLiALMC3BTz8=
github.com/Azure/go-autorest/autorest/adal v0.9.23/go.mod h1:5pcMqFkdPhviJdlEy3kC/v1ZLnQl0MH6XA5YCcMhy4c=
github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 h1:wkAZRgT/pn8HhFyzfe9UnqOjJYqlembgCTi72Bm/xKk=
@@ -86,10 +98,6 @@ github.com/Azure/go-autorest/autorest/mocks v0.4.0/go.mod h1:LTp+uSrOhSkaKrUy935
github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
github.com/Azure/go-autorest/autorest/mocks v0.4.2 h1:PGN4EDXnuQbojHbU0UWoNvmu9AGVwYHG9/fkDYhtAfw=
github.com/Azure/go-autorest/autorest/mocks v0.4.2/go.mod h1:Vy7OitM9Kei0i1Oj+LvyAWMXJHeKH1MVlzFugfVrmyU=
-github.com/Azure/go-autorest/autorest/to v0.4.0 h1:oXVqrxakqqV1UZdSazDOPOLvOIz+XA683u8EctwboHk=
-github.com/Azure/go-autorest/autorest/to v0.4.0/go.mod h1:fE8iZBn7LQR7zH/9XU2NcPR4o9jEImooCeWJcYV/zLE=
-github.com/Azure/go-autorest/autorest/validation v0.3.1 h1:AgyqjAd94fwNAoTjl/WQXg4VvFeRFpO+UhNyRXqF1ac=
-github.com/Azure/go-autorest/autorest/validation v0.3.1/go.mod h1:yhLgjC0Wda5DYXl6JAsWyUe4KVNffhoDhG0zVzUMo3E=
github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+ZtXWSmf4Tg=
github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
@@ -97,6 +105,8 @@ github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUM
github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8=
github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0 h1:OBhqkivkhkMqLPymWEppkm7vgPQY2XsHoEkaMQ0AdZY=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0/go.mod h1:kgDmCTgBzIEPFElEF+FK0SdjAor06dRq2Go927dnQ6o=
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
@@ -109,8 +119,9 @@ github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJ
github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
github.com/Masterminds/semver v1.4.2/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
-github.com/Masterminds/semver/v3 v3.2.0 h1:3MEsd0SM6jqZojhjLWWeBY+Kcjy9i6MQAeY7YgDP83g=
github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
+github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0=
+github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
github.com/Masterminds/sprig v2.15.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o=
github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o=
github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA=
@@ -218,41 +229,51 @@ github.com/aws/aws-sdk-go v1.23.20/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpi
github.com/aws/aws-sdk-go v1.25.37/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
github.com/aws/aws-sdk-go v1.36.30/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
-github.com/aws/aws-sdk-go v1.44.204 h1:7/tPUXfNOHB390A63t6fJIwmlwVQAkAwcbzKsU2/6OQ=
+github.com/aws/aws-sdk-go v1.44.288 h1:Ln7fIao/nl0ACtelgR1I4AiEw/GLNkKcXfCaHupUW5Q=
github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g=
-github.com/aws/aws-sdk-go-v2 v1.17.7 h1:CLSjnhJSTSogvqUGhIC6LqFKATMRexcxLZ0i/Nzk9Eg=
github.com/aws/aws-sdk-go-v2 v1.17.7/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
-github.com/aws/aws-sdk-go-v2/config v1.18.19 h1:AqFK6zFNtq4i1EYu+eC7lcKHYnZagMn6SW171la0bGw=
+github.com/aws/aws-sdk-go-v2 v1.18.1 h1:+tefE750oAb7ZQGzla6bLkOwfcQCEtC5y2RqoqCeqKo=
+github.com/aws/aws-sdk-go-v2 v1.18.1/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
github.com/aws/aws-sdk-go-v2/config v1.18.19/go.mod h1:XvTmGMY8d52ougvakOv1RpiTLPz9dlG/OQHsKU/cMmY=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.18 h1:EQMdtHwz0ILTW1hoP+EwuWhwCG1hD6l3+RWFQABET4c=
+github.com/aws/aws-sdk-go-v2/config v1.18.27 h1:Az9uLwmssTE6OGTpsFqOnaGpLnKDqNYOJzWuC6UAYzA=
+github.com/aws/aws-sdk-go-v2/config v1.18.27/go.mod h1:0My+YgmkGxeqjXZb5BYme5pc4drjTnM+x1GJ3zv42Nw=
github.com/aws/aws-sdk-go-v2/credentials v1.13.18/go.mod h1:vnwlwjIe+3XJPBYKu1et30ZPABG3VaXJYr8ryohpIyM=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.1 h1:gt57MN3liKiyGopcqgNzJb2+d9MJaKT/q1OksHNXVE4=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.26 h1:qmU+yhKmOCyujmuPY7tf5MxR/RKyZrOPO3V4DobiTUk=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.26/go.mod h1:GoXt2YC8jHUBbA4jr+W3JiemnIbkXOfxSXcisUsZ3os=
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.1/go.mod h1:lfUx8puBRdM5lVVMQlwt2v+ofiG/X6Ms+dy0UkG/kXw=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.31 h1:sJLYcS+eZn5EeNINGHSCRAwUJMFVqklwkH36Vbyai7M=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.4 h1:LxK/bitrAr4lnh9LnIS6i7zWbCOdMsfzKFBI6LUCS0I=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.4/go.mod h1:E1hLXN/BL2e6YizK1zFlYd8vsfi2GTjbjBazinMmeaM=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.31/go.mod h1:QT0BqUvX1Bh2ABdTGnjqEjvjzrCfIniM9Sc8zn9Yndo=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.25 h1:1mnRASEKnkqsntcxHaysxwgVoUUp5dkiB+l3llKnqyg=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34 h1:A5UqQEmPaCFpedKouS4v+dHCTUo2sKqhoKO9U5kxyWo=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34/go.mod h1:wZpTEecJe0Btj3IYnDx/VlUzor9wm3fJHyvLpQF0VwY=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.25/go.mod h1:zBHOPwhBc3FlQjQJE/D3IfPWiWaQmT06Vq9aNukDo0k=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.32 h1:p5luUImdIqywn6JpQsW3tq5GNOxKmOnEpybzPx+d1lk=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28 h1:srIVS45eQuewqz6fKKu6ZGXaq6FuFg5NzgQBAM6g8Y4=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28/go.mod h1:7VRpKQQedkfIEXb4k52I7swUnZP0wohVajJMRn3vsUw=
github.com/aws/aws-sdk-go-v2/internal/ini v1.3.32/go.mod h1:XGhIBZDEgfqmFIugclZ6FU7v75nHhBDtzuB4xB/tEi4=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.35 h1:LWA+3kDM8ly001vJ1X1waCuLJdtTl48gwkPKWy9sosI=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.35/go.mod h1:0Eg1YjxE0Bhn56lx+SHJwCzhW+2JGtizsrx+lCqrfm0=
github.com/aws/aws-sdk-go-v2/service/ecr v1.18.7 h1:oQ1Esut3iaL2Dydt2RBd9gbuUevToXpdTI+Uh1xXryI=
github.com/aws/aws-sdk-go-v2/service/ecr v1.18.7/go.mod h1:RHhgOMnMIkgB4TmxQat9obSnZ6fF1fuA27+itZKUi1o=
github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.15.6 h1:An1fWO68q8iu/v3E23lz4RwwSU4NagPJZlbGM4KmOTk=
github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.15.6/go.mod h1:6Oe4un07H6Hv/VNTtubGHUNP5S2HwgmQk19hOnbkSGc=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.25 h1:5LHn8JQ0qvjD9L9JhMtylnkcw7j05GDZqM9Oin6hpr0=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.25/go.mod h1:/95IA+0lMnzW6XzqYJRpjjsAbKEORVeO0anQqjd2CNU=
-github.com/aws/aws-sdk-go-v2/service/kms v1.20.8 h1:R5f4VOFi3ScTe7TtePyxLqEhNqTJIAxL57MzrXFNs6I=
-github.com/aws/aws-sdk-go-v2/service/kms v1.20.8/go.mod h1:OtP3pBOgmJM+acQyQcQXtQHets3yJoVuanCx2T5M7v4=
-github.com/aws/aws-sdk-go-v2/service/sso v1.12.6 h1:5V7DWLBd7wTELVz5bPpwzYy/sikk0gsgZfj40X+l5OI=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28 h1:bkRyG4a929RCnpVSTvLM2j/T4ls015ZhhYApbmYs15s=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28/go.mod h1:jj7znCIg05jXlaGBlFMGP8+7UN3VtCkRBG2spnmRQkU=
+github.com/aws/aws-sdk-go-v2/service/kms v1.22.2 h1:jwmtdM1/l1DRNy5jQrrYpsQm8zwetkgeqhAqefDr1yI=
+github.com/aws/aws-sdk-go-v2/service/kms v1.22.2/go.mod h1:aNfh11Smy55o65PB3MyKbkM8BFyFUcZmj1k+4g8eNfg=
github.com/aws/aws-sdk-go-v2/service/sso v1.12.6/go.mod h1:Y1VOmit/Fn6Tz1uFAeCO6Q7M2fmfXSCLeL5INVYsLuY=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.6 h1:B8cauxOH1W1v7rd8RdI/MWnoR4Ze0wIHWrb90qczxj4=
+github.com/aws/aws-sdk-go-v2/service/sso v1.12.12 h1:nneMBM2p79PGWBQovYO/6Xnc2ryRMw3InnDJq1FHkSY=
+github.com/aws/aws-sdk-go-v2/service/sso v1.12.12/go.mod h1:HuCOxYsF21eKrerARYO6HapNeh9GBNq7fius2AcwodY=
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.6/go.mod h1:Lh/bc9XUf8CfOY6Jp5aIkQtN+j1mc+nExc+KXj9jx2s=
-github.com/aws/aws-sdk-go-v2/service/sts v1.18.7 h1:bWNgNdRko2x6gqa0blfATqAZKZokPIeM1vfmQt2pnvM=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.12 h1:2qTR7IFk7/0IN/adSFhYu9Xthr0zVFTgBrmPldILn80=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.12/go.mod h1:E4VrHCPzmVB/KFXtqBGKb3c8zpbNBgKe3fisDNLAW5w=
github.com/aws/aws-sdk-go-v2/service/sts v1.18.7/go.mod h1:JuTnSoeePXmMVe9G8NcjjwgOKEfZ4cOjMuT2IBT/2eI=
+github.com/aws/aws-sdk-go-v2/service/sts v1.19.2 h1:XFJ2Z6sNUUcAz9poj+245DMkrHE4h2j5I9/xD50RHfE=
+github.com/aws/aws-sdk-go-v2/service/sts v1.19.2/go.mod h1:dp0yLPsLBOi++WTxzCjA/oZqi6NPIhoR+uF7GeMU9eg=
github.com/aws/smithy-go v1.13.5 h1:hgz0X/DX0dGqTYpGALqXJoRKRj5oQ7150i5FdTePzO8=
github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20230322223720-077b4a917a90 h1:GN8SzriwBUX5aagQft8cJ5sKUaXdHUdX8q2gS2mkom8=
github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20230322223720-077b4a917a90/go.mod h1:V97RBAXo2x0elgRWnSfhWLDkwwEl7dNmmBRAvbwmEoA=
-github.com/beevik/etree v1.1.0/go.mod h1:r8Aw8JqVegEf0w2fDnATrX9VpkMcyFeM0FhwO62wh+A=
github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
github.com/benbjohnson/clock v1.3.0 h1:ip6w0uFQkncKQ979AypyG0ER7mqUSBdKLOgAle/AT8A=
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
@@ -267,8 +288,9 @@ github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnweb
github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM=
github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ=
github.com/bombsimon/wsl/v3 v3.3.0/go.mod h1:st10JtZYLE4D5sC7b8xV4zTKZwAQjCH/Hy2Pm1FNZIc=
-github.com/bradfitz/gomemcache v0.0.0-20190913173617-a41fca850d0b/go.mod h1:H0wQNHz2YrLsuXOZozoeDmnHXkNCRmMW0gwFWDfEZDA=
github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=
+github.com/buildkite/agent/v3 v3.49.0 h1:FSmRQz8YFhaCXg4MfE7JucPcY7mQ/HWM55ir1j3E9qM=
+github.com/buildkite/agent/v3 v3.49.0/go.mod h1:iasSyh3KPjOPCnyvnZB1trkkX7jrdL8PnLBgjdVJxgU=
github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
github.com/bytecodealliance/wasmtime-go v0.27.0 h1:b/mvyw1YJSwF5zNxqLH9V24ENkZGAvp+KgIKHOFHk1c=
github.com/bytecodealliance/wasmtime-go v0.27.0/go.mod h1:q320gUxqyI8yB+ZqRuaJOEnGkAnHh6WtJjMaT2CW4wI=
@@ -322,8 +344,8 @@ github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc
github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
-github.com/coreos/go-oidc/v3 v3.5.0 h1:VxKtbccHZxs8juq7RdJntSqtXFtde9YpNpGn0yqgEHw=
-github.com/coreos/go-oidc/v3 v3.5.0/go.mod h1:ecXRtV4romGPeO6ieExAsUK9cb/3fp9hXNz1tlv8PIM=
+github.com/coreos/go-oidc/v3 v3.6.0 h1:AKVxfYw1Gmkn/w96z0DbT/B/xFnzTd3MkZvWLjF4n/o=
+github.com/coreos/go-oidc/v3 v3.6.0/go.mod h1:ZpHUsHBucTUj6WOkrP4E20UPynbLZzhTQ1XKCXkxyPc=
github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
@@ -342,7 +364,6 @@ github.com/cyberphone/json-canonicalization v0.0.0-20220623050100-57a0ce2678a7/g
github.com/cyphar/filepath-securejoin v0.2.3 h1:YX6ebbZCZP7VkM3scTTokDgBL2TY741X51MTk3ycuNI=
github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
github.com/daixiang0/gci v0.2.8/go.mod h1:+4dZ7TISfSmqfAGv59ePaHfNzgGtIkHAhhdKggP1JAc=
-github.com/danieljoos/wincred v1.0.2/go.mod h1:SnuYRW9lp1oJrZX/dXJqr0cPK5gYXqx3EJbmjhLdK9U=
github.com/danieljoos/wincred v1.1.2/go.mod h1:GijpziifJoIBfYh+S7BbkdUTU4LfM+QnGqR5Vl2tAx0=
github.com/davecgh/go-spew v0.0.0-20161028175848-04cdfd42973b/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -356,12 +377,18 @@ github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZm
github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48 h1:fRzb/w+pyskVMQ+UbP35JkH8yB7MYb4q/qhBarqZE6g=
github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48/go.mod h1:if7Fbed8SFyPtHLHbg49SI7NAdJiC5WIA09pe59rfAA=
+github.com/digitorus/pkcs7 v0.0.0-20221019075359-21b8b40e6bb4/go.mod h1:SKVExuS+vpu2l9IoOc0RwqE7NYnb0JlcFHFnEJkVDzc=
+github.com/digitorus/pkcs7 v0.0.0-20221212123742-001c36b64ec3 h1:rjCXeRWazGsbcBlExMcAW8H1LGdgJ9r619y7+aeKgds=
+github.com/digitorus/pkcs7 v0.0.0-20221212123742-001c36b64ec3/go.mod h1:SKVExuS+vpu2l9IoOc0RwqE7NYnb0JlcFHFnEJkVDzc=
+github.com/digitorus/timestamp v0.0.0-20221019182153-ef3b63b79b31 h1:3go0tpsBpbs9L/oysk3jDwRprlLRRkpSU7YxKlTfU+o=
+github.com/digitorus/timestamp v0.0.0-20221019182153-ef3b63b79b31/go.mod h1:6V2ND8Yf8TOJ4h+9pmUlx8kXvNLBB2QplToVVZQ3rF0=
github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U=
github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE=
github.com/distribution/distribution v2.8.2+incompatible h1:k9+4DKdOG+quPFZXT/mUsiQrGu9vYCp+dXpuPkuqhk8=
github.com/distribution/distribution v2.8.2+incompatible/go.mod h1:EgLm2NgWtdKgzF9NpMzUKgzmR7AMmb0VQi2B+ZzDRjc=
github.com/djherbis/times v1.5.0 h1:79myA211VwPhFTqUk8xehWrsEO+zcIZj0zT8mXPVARU=
github.com/djherbis/times v1.5.0/go.mod h1:5q7FDLvbNg1L/KaBmPcWlVR9NmoKo3+ucqUA3ijQhA0=
+github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI=
github.com/docker/cli v24.0.0+incompatible h1:0+1VshNwBQzQAx9lOl+OYCTCEAD8fKs/qeXMx3O0wqM=
github.com/docker/cli v24.0.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8=
@@ -423,7 +450,7 @@ github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHqu
github.com/foxcpp/go-mockdns v1.0.0 h1:7jBqxd3WDWwi/6WhDvacvH1XsN3rOLXyHM1uhvIx6FI=
github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4=
github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20=
-github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE=
+github.com/frankban/quicktest v1.14.4 h1:g2rn0vABPOOXmZUj+vbmUp0lPoXEMuhTpIluN0XL9UY=
github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU=
@@ -433,6 +460,8 @@ github.com/fullstorydev/grpcurl v1.6.0/go.mod h1:ZQ+ayqbKMJNhzLmbpCiurTVlaK2M/3n
github.com/fxamacker/cbor/v2 v2.4.0 h1:ri0ArlOR+5XunOP8CRUowT0pSJOwhW098ZCUyskZD88=
github.com/fxamacker/cbor/v2 v2.4.0/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrtAnWBwBCVo=
github.com/fzipp/gocyclo v0.3.1/go.mod h1:DJHO6AUmbdqj2ET4Z9iArSuwWgYDRryYt2wASxc7x3E=
+github.com/gabriel-vasile/mimetype v1.4.2 h1:w5qFW6JKBz9Y393Y4q372O9A7cUSequkh1Q7OhCmWKU=
+github.com/gabriel-vasile/mimetype v1.4.2/go.mod h1:zApsH/mKG4w07erKIaJPFiX0Tsq9BFQgN3qGY5GnNgA=
github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
github.com/ghodss/yaml v0.0.0-20180820084758-c7ce16629ff4/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
@@ -504,15 +533,15 @@ github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En
github.com/go-openapi/loads v0.21.1/go.mod h1:/DtAMXXneXFjbQMGEtbamCZb+4x7eGwkvZCvBmwUG+g=
github.com/go-openapi/loads v0.21.2 h1:r2a/xFIYeZ4Qd2TnGpWDIQNcP80dIaZgf704za8enro=
github.com/go-openapi/loads v0.21.2/go.mod h1:Jq58Os6SSGz0rzh62ptiu8Z31I+OTHqmULx5e/gJbNw=
-github.com/go-openapi/runtime v0.25.0 h1:7yQTCdRbWhX8vnIjdzU8S00tBYf7Sg71EBeorlPHvhc=
-github.com/go-openapi/runtime v0.25.0/go.mod h1:Ux6fikcHXyyob6LNWxtE96hWwjBPYF0DXgVFuMTneOs=
+github.com/go-openapi/runtime v0.26.0 h1:HYOFtG00FM1UvqrcxbEJg/SwvDRvYLQKGhw2zaQjTcc=
+github.com/go-openapi/runtime v0.26.0/go.mod h1:QgRGeZwrUcSHdeh4Ka9Glvo0ug1LC5WyE+EV88plZrQ=
github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo=
github.com/go-openapi/spec v0.19.5/go.mod h1:Hm2Jr4jv8G1ciIAo+frC/Ft+rR2kQDh8JHKHb3gWUSk=
github.com/go-openapi/spec v0.20.3/go.mod h1:gG4F8wdEDN+YPBMVnzE85Rbhf+Th2DTvA9nFPQ5AYEg=
github.com/go-openapi/spec v0.20.4/go.mod h1:faYFR1CvsJZ0mNsmsphTMSoRrNV3TEDoAM7FOEWeq8I=
github.com/go-openapi/spec v0.20.6/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA=
-github.com/go-openapi/spec v0.20.8 h1:ubHmXNY3FCIOinT8RNrrPfGc9t7I1qhPtdOGoG2AxRU=
-github.com/go-openapi/spec v0.20.8/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA=
+github.com/go-openapi/spec v0.20.9 h1:xnlYNQAwKd2VQRRfwTEI0DcK+2cbuvI/0c7jx3gA8/8=
+github.com/go-openapi/spec v0.20.9/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA=
github.com/go-openapi/strfmt v0.21.0/go.mod h1:ZRQ409bWMj+SOgXofQAGTIo2Ebu72Gs+WaRADcS5iNg=
github.com/go-openapi/strfmt v0.21.1/go.mod h1:I/XVKeLc5+MM5oPNN7P6urMOpuLXEcNrCX/rPGuWb0k=
github.com/go-openapi/strfmt v0.21.3/go.mod h1:k+RzNO0Da+k3FrrynSNN8F7n/peCmQQqbbXjtDfvmGg=
@@ -523,8 +552,9 @@ github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh
github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
github.com/go-openapi/swag v0.19.15/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
github.com/go-openapi/swag v0.21.1/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
-github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g=
github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
+github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU=
+github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
github.com/go-openapi/validate v0.22.1 h1:G+c2ub6q47kfX1sOBLwIQwzBVt8qmOAARyo/9Fqs9NU=
github.com/go-openapi/validate v0.22.1/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUriMu5/zuPSQ1hg=
github.com/go-piv/piv-go v1.11.0 h1:5vAaCdRTFSIW4PeqMbnsDlUZ7odMYWnHBDGdmtU/Zhg=
@@ -534,10 +564,10 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o
github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
-github.com/go-playground/validator/v10 v10.12.0 h1:E4gtWgxWxp8YSxExrQFv5BpCahla0PVF2oTTEYaWQGI=
-github.com/go-playground/validator/v10 v10.12.0/go.mod h1:hCAPuzYvKdP33pxWa+2+6AIKXEKqjIUyqsNCtbsSJrA=
+github.com/go-playground/validator/v10 v10.14.0 h1:vgvQWe3XCz3gIeFDm/HnTIbj6UGmg/+t63MyGU2n5js=
+github.com/go-playground/validator/v10 v10.14.0/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
github.com/go-redis/redis v6.15.8+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA=
-github.com/go-rod/rod v0.112.6 h1:zMirUmhsBeshMWyf285BD0UGtGq54HfThLDGSjcP3lU=
+github.com/go-rod/rod v0.113.3 h1:oLiKZW721CCMwA5g7977cWfcAKQ+FuosP47Zf1QiDrA=
github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
@@ -581,7 +611,6 @@ github.com/gobuffalo/packr/v2 v2.2.0/go.mod h1:CaAwI0GPIAv+5wKLtv8Afwl+Cm78K/I/V
github.com/gobuffalo/syncx v0.0.0-20190224160051-33c29581e754/go.mod h1:HhnNqWY95UYwwW3uSASeV7vtgYkT2t16hJgV3AEPUpw=
github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
-github.com/godbus/dbus v4.1.0+incompatible/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
github.com/gofrs/flock v0.8.0/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU=
github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s=
github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
@@ -635,7 +664,6 @@ github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg
github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
-github.com/golang/snappy v0.0.2/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
github.com/golangci/check v0.0.0-20180506172741-cfe4005ccda2/go.mod h1:k9Qvh+8juN+UKMCS/3jFtGICgW8O96FVaZsaxdzDkR4=
@@ -656,8 +684,8 @@ github.com/google/cel-go v0.12.6 h1:kjeKudqV0OygrAqA9fX6J55S8gj+Jre2tckIm5RoG4M=
github.com/google/cel-go v0.12.6/go.mod h1:Jk7ljRzLBhkmiAwBoUxB1sZSCVBAzkqPF25olK/iRDw=
github.com/google/certificate-transparency-go v1.0.21/go.mod h1:QeJfpSbVSfYc7RgB3gJFj9cbuQMMchQxrWXz8Ruopmg=
github.com/google/certificate-transparency-go v1.1.1/go.mod h1:FDKqPvSXawb2ecErVRrD+nfy23RCzyl7eqVCEmlT1Zs=
-github.com/google/certificate-transparency-go v1.1.4 h1:hCyXHDbtqlr/lMXU0D4WgbalXL0Zk4dSWWMbPV8VrqY=
-github.com/google/certificate-transparency-go v1.1.4/go.mod h1:D6lvbfwckhNrbM9WVl1EVeMOyzC19mpIjMOI4nxBHtQ=
+github.com/google/certificate-transparency-go v1.1.6 h1:SW5K3sr7ptST/pIvNkSVWMiJqemRmkjJPPT0jzXdOOY=
+github.com/google/certificate-transparency-go v1.1.6/go.mod h1:0OJjOsOk+wj6aYQgP7FU0ioQ0AJUmnWPFMqTjQeazPQ=
github.com/google/flatbuffers v1.12.1 h1:MVlul7pQNoDzWRLTw5imwYsl+usrS1TXG2H4jg6ImGw=
github.com/google/gnostic v0.6.9 h1:ZK/5VhkoX835RikCHpSUJV9a+S3e1zLh59YnyWeBW+0=
github.com/google/gnostic v0.6.9/go.mod h1:Nm8234We1lq6iB9OmlgNv3nH91XLLVZHCDayfA3xq+E=
@@ -680,8 +708,8 @@ github.com/google/go-containerregistry v0.16.1 h1:rUEt426sR6nyrL3gt+18ibRcvYpKYd
github.com/google/go-containerregistry v0.16.1/go.mod h1:u0qB2l7mvtWVR5kNcbFIhFY1hLbf8eeGapA+vbFDCtQ=
github.com/google/go-containerregistry/pkg/authn/kubernetes v0.0.0-20230403180904-b8d1c0a1df12 h1:LLLVB/7zCZVKI27rqA7bbZHZJxH1lL2jbLxdomX1Eew=
github.com/google/go-containerregistry/pkg/authn/kubernetes v0.0.0-20230403180904-b8d1c0a1df12/go.mod h1:CSeefFZsOfyNrYGXDafpWNkf3tUz17nKReR5INPRaMI=
-github.com/google/go-github/v45 v45.2.0 h1:5oRLszbrkvxDDqBCNj2hjDZMKmvexaZ1xw/FCD+K3FI=
-github.com/google/go-github/v45 v45.2.0/go.mod h1:FObaZJEDSTa/WGCzZ2Z3eoCDXWJKMenWWTrd8jrta28=
+github.com/google/go-github/v50 v50.2.0 h1:j2FyongEHlO9nxXLc+LP3wuBSVU9mVxfpdYUexMpIfk=
+github.com/google/go-github/v50 v50.2.0/go.mod h1:VBY8FB6yPIjrtKhozXv4FQupxKLS6H4m6xFZlT43q8Q=
github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
@@ -705,27 +733,26 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe
github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec=
+github.com/google/pprof v0.0.0-20221103000818-d260c55eee4c h1:lvddKcYTQ545ADhBujtIJmqQrZBDsGo7XIMbAQe/sNY=
github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
-github.com/google/s2a-go v0.1.3 h1:FAgZmpLl/SXurPEZyCMPBIiiYeTbqfjlbdnCNTAkbGE=
-github.com/google/s2a-go v0.1.3/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A=
+github.com/google/s2a-go v0.1.4 h1:1kZ/sQM3srePvKs3tXAvQzo66XfcReoqFpIpIccE7Oc=
+github.com/google/s2a-go v0.1.4/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A=
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
+github.com/google/tink/go v1.7.0 h1:6Eox8zONGebBFcCBqkVmt60LaWZa6xg1cl/DwAh/J1w=
github.com/google/trillian v1.3.11/go.mod h1:0tPraVHrSDkA3BO6vKX67zgLXs6SsOAbHEivX+9mPgw=
-github.com/google/trillian v1.5.1 h1:2p1l13f0eWd7eOShwarwIxutYYnGzY/5S+xYewQIPkU=
-github.com/google/trillian v1.5.1/go.mod h1:EcDttN8nf+EoAiyLigBAp9ebncZI6rhJPyxZ+dQ6HSo=
github.com/google/uuid v0.0.0-20161128191214-064e2069ce9c/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/enterprise-certificate-proxy v0.2.3 h1:yk9/cqRKtT9wXZSsRH9aurXEpJX+U6FLtpYTdC3R06k=
-github.com/googleapis/enterprise-certificate-proxy v0.2.3/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k=
+github.com/googleapis/enterprise-certificate-proxy v0.2.4 h1:uGy6JWR/uMIILU8wbf+OkstIrNiMjGpEIyhx8f6W7s4=
+github.com/googleapis/enterprise-certificate-proxy v0.2.4/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k=
github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
-github.com/googleapis/gax-go/v2 v2.8.0 h1:UBtEZqx1bjXtOQ5BVTkuYghXrr3N4V123VKJK67vJZc=
-github.com/googleapis/gax-go/v2 v2.8.0/go.mod h1:4orTrqY6hXxxaUL4LHIPl6lGo8vAE38/qKbhSAKP6QI=
+github.com/googleapis/gax-go/v2 v2.11.0 h1:9V9PWXEsWnPpQhu/PeQIkS4eGzMlTLGgt80cUUI8Ki4=
+github.com/googleapis/gax-go/v2 v2.11.0/go.mod h1:DxmR61SGKkGLa2xigwuZIQpkCI2S5iydzRfb3peWZJI=
github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg=
github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU=
github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
@@ -742,7 +769,6 @@ github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2z
github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
-github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
github.com/gorilla/websocket v1.4.1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
github.com/gostaticanalysis/analysisutil v0.0.0-20190318220348-4088753ea4d3/go.mod h1:eEOZF4jCKGi+aprrirO9e7WKB3beBRtWgqGunKl6pKE=
@@ -811,9 +837,8 @@ github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO
github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ=
github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
-github.com/hashicorp/vault/api v1.9.0 h1:ab7dI6W8DuCY7yCU8blo0UCYl2oHre/dloCmzMWg9w8=
-github.com/hashicorp/vault/api v1.9.0/go.mod h1:lloELQP4EyhjnCQhF8agKvWIVTmxbpEJj70b98959sM=
-github.com/howeyc/gopass v0.0.0-20190910152052-7cb4b85ec19c/go.mod h1:lADxMC39cJJqL93Duh1xhAs4I2Zs8mKS89XWXFGp9cs=
+github.com/hashicorp/vault/api v1.9.2 h1:YjkZLJ7K3inKgMZ0wzCU9OHqc+UqMQyXsPXnf3Cl2as=
+github.com/hashicorp/vault/api v1.9.2/go.mod h1:jo5Y/ET+hNyz+JnKDt8XLAdKs+AM0G5W0Vp1IrFI8N8=
github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
github.com/huandu/xstrings v1.0.0/go.mod h1:4qWG/gcEcfX4z/mBDHJ++3ReCw9ibxbsNJbcucJdbSo=
github.com/huandu/xstrings v1.2.0/go.mod h1:DvyZB1rfVYsBIigL8HwpZgxHwXozlTgGqn63UyNX5k4=
@@ -829,8 +854,8 @@ github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH
github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
github.com/imdario/mergo v0.3.15 h1:M8XP7IuFNsqUx6VPK2P9OSmsYsI/YFaGil0uD21V3dM=
github.com/imdario/mergo v0.3.15/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
-github.com/in-toto/in-toto-golang v0.6.0 h1:1s7cyzb5zGyzKPLgFsi4sC0o3EA24HLKlne8BrnOrSc=
-github.com/in-toto/in-toto-golang v0.6.0/go.mod h1:NaFLcsxtvZgbwQpyHwK8MlDXN9b+NuOMXqeIqxzfBoA=
+github.com/in-toto/in-toto-golang v0.9.0 h1:tHny7ac4KgtsfrG6ybU8gVOZux2H8jN05AXJ9EBM1XU=
+github.com/in-toto/in-toto-golang v0.9.0/go.mod h1:xsBVrVsHNsB61++S6Dy2vWosKhuA3lUTQd+eF9HdeMo=
github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
@@ -839,8 +864,8 @@ github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOl
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
github.com/jedisct1/go-minisign v0.0.0-20230211184525-1f273d8dc776 h1:WXhZ7psl6HhDDW58rDWIJE6oB0ETjaQA4U6d8U7lMyg=
github.com/jedisct1/go-minisign v0.0.0-20230211184525-1f273d8dc776/go.mod h1:09CTTv5TZgz94QHts03Xnuzy5LmxCE8BNqQRFigO5gA=
-github.com/jellydator/ttlcache/v2 v2.11.1 h1:AZGME43Eh2Vv3giG6GeqeLeFXxwxn1/qHItqWZl6U64=
-github.com/jellydator/ttlcache/v2 v2.11.1/go.mod h1:RtE5Snf0/57e+2cLWFYWCCsLas2Hy3c5Z4n14XmSvTI=
+github.com/jellydator/ttlcache/v3 v3.0.1 h1:cHgCSMS7TdQcoprXnWUptJZzyFsqs18Lt8VVhRuZYVU=
+github.com/jellydator/ttlcache/v3 v3.0.1/go.mod h1:WwTaEmcXQ3MTjOm4bsZoDFiCu/hMvNWLO1w67RXz6h4=
github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
github.com/jgautheron/goconst v1.4.0/go.mod h1:aAosetZ5zaeC/2EfMeRswtxUFBpe2Hr7HzkgX4fanO4=
github.com/jhump/protoreflect v1.6.1/go.mod h1:RZQ/lnuN+zqeRVpQigTwO6o0AJUkxbnSnpuG7toUTG4=
@@ -924,15 +949,15 @@ github.com/ldez/gomoddirectives v0.2.1/go.mod h1:sGicqkRgBOg//JfpXwkB9Hj0X5RyJ7m
github.com/ldez/tagliatelle v0.2.0/go.mod h1:8s6WJQwEYHbKZDsp/LjArytKOG8qaMrKQQ3mFukHs88=
github.com/lensesio/tableprinter v0.0.0-20201125135848-89e81fc956e7 h1:k/1ku0yehLCPqERCHkIHMDqDg1R02AcCScRuHbamU3s=
github.com/lensesio/tableprinter v0.0.0-20201125135848-89e81fc956e7/go.mod h1:YR/zYthNdWfO8+0IOyHDcIDBBBS2JMnYUIwSsnwmRqU=
-github.com/leodido/go-urn v1.2.2 h1:7z68G0FCGvDk646jz1AelTYNYWrTNm0bEcFAo147wt4=
-github.com/leodido/go-urn v1.2.2/go.mod h1:kUaIbLZWttglzwNuG0pgsh5vuV6u2YcGBYz1hIPjtOQ=
+github.com/leodido/go-urn v1.2.4 h1:XlAE/cm/ms7TE/VMVoduSpNBoyc2dOxHs5MZSwAN63Q=
+github.com/leodido/go-urn v1.2.4/go.mod h1:7ZrI8mTSeBSHl/UaRyKQW1qZeMgak41ANeCNaVckg+4=
github.com/letsencrypt/boulder v0.0.0-20230331213904-8c67769be400 h1:MCvRs18gGwUDcIt/3FFEOyaujL0emWNBmJLYuYqzk2g=
github.com/letsencrypt/boulder v0.0.0-20230331213904-8c67769be400/go.mod h1:fSFykYyAT0KcvYiaxt4trooef9ZSghqvtArlLSazmYk=
github.com/letsencrypt/pkcs11key/v4 v4.0.0/go.mod h1:EFUvBDay26dErnNb70Nd0/VW3tJiIbETBPTl9ATXQag=
github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
github.com/lib/pq v1.8.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
github.com/lib/pq v1.9.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
-github.com/lib/pq v1.10.7 h1:p7ZhMD+KsSRozJr34udlUrhboJwWAgCg34+/ZZNvZZw=
+github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0=
github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE=
github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM=
@@ -1061,6 +1086,8 @@ github.com/notaryproject/notation-core-go v1.0.0 h1:FgOAihtFW4XU9JYyTzItg1xW3OaN
github.com/notaryproject/notation-core-go v1.0.0/go.mod h1:eoHFJ2e6b31GZO9hckCms5kfXvHLTySvJ1QwRLB9ZCk=
github.com/notaryproject/notation-go v1.0.0 h1:pH+0NVmZu1IhE8zUhK9Oxna3OlHNdy+crNntnuCiThs=
github.com/notaryproject/notation-go v1.0.0/go.mod h1:NpfUnDt94vLSCJ8fAWplgTbf3fmq3JLSEnjDFl7j16U=
+github.com/nozzle/throttler v0.0.0-20180817012639-2ea982251481 h1:Up6+btDp321ZG5/zdSLo48H9Iaq0UQGthrhWC6pCxzE=
+github.com/nozzle/throttler v0.0.0-20180817012639-2ea982251481/go.mod h1:yKZQO8QE2bHlgozqWDiRVqTFlLQSj30K/6SAK8EeYFw=
github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
@@ -1105,8 +1132,8 @@ github.com/open-policy-agent/gatekeeper v0.0.0-20210824170141-dd97b8a7e966 h1:p8
github.com/open-policy-agent/gatekeeper v0.0.0-20210824170141-dd97b8a7e966/go.mod h1:JO6AV/tyZ/MsNGsvnjTK6lGpiJyMLtt7UxkT6Eq9kDE=
github.com/open-policy-agent/opa v0.24.0/go.mod h1:qEyD/i8j+RQettHGp4f86yjrjvv+ZYia+JHCMv2G7wA=
github.com/open-policy-agent/opa v0.29.4/go.mod h1:ZCOTD3yyFR8JvF8ETdWdiSPn9WcF1dXeQWOv7VoPorU=
-github.com/open-policy-agent/opa v0.51.0 h1:2hS5xhos8HtkN+mgpqMhNJSFtn/1n/h3wh+AeTPJg6Q=
-github.com/open-policy-agent/opa v0.51.0/go.mod h1:OjmwLfXdeR7skSxrt8Yd3ScXTqPxyJn7GeTRJrcEerU=
+github.com/open-policy-agent/opa v0.52.0 h1:Rv3F+VCDqsufaiYy/3S9/Iuk0yfcREK4iZmWbNsKZjA=
+github.com/open-policy-agent/opa v0.52.0/go.mod h1:2n99s7WY/BXZUWUOq10JdTgK+G6XM4FYGoe7kQ5Vg0s=
github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
github.com/opencontainers/image-spec v1.1.0-rc4 h1:oOxKUJWnFC4YGHCCMNql1x4YaDfYBTS5Y4x/Cgeo1E0=
@@ -1126,10 +1153,12 @@ github.com/orcaman/concurrent-map/v2 v2.0.1/go.mod h1:9Eq3TG2oBe5FirmYWQfYO5iH1q
github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM=
github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
+github.com/pborman/uuid v1.2.1 h1:+ZZIw58t/ozdjRaXh/3awHfmWRbzYxJoAdNJxe/3pvw=
+github.com/pborman/uuid v1.2.1/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
github.com/pelletier/go-toml v1.7.0/go.mod h1:vwGMzjaWMwyfHwgIBhI2YUM4fB6nL6lVAvS1LBMMhTE=
-github.com/pelletier/go-toml/v2 v2.0.7 h1:muncTPStnKRos5dpVKULv2FVd4bMOhNePj9CjgDb8Us=
-github.com/pelletier/go-toml/v2 v2.0.7/go.mod h1:eumQOmlWiOPt5WriQQqoM5y18pDHwha2N+QD+EUNTek=
+github.com/pelletier/go-toml/v2 v2.0.8 h1:0ctb6s9mE31h0/lhu+J6OPmVeDxJn+kYnJc2jZR9tGQ=
+github.com/pelletier/go-toml/v2 v2.0.8/go.mod h1:vuYfssBdrU2XDZ9bYydBu6t+6a6PYNcZljzZR9VXg+4=
github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac=
github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
@@ -1139,6 +1168,8 @@ github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0
github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4=
github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI=
+github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 h1:KoWmjvw+nsYOo29YJK9vDA65RGE3NrOnUtO7a+RF9HU=
+github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI=
github.com/pkg/errors v0.0.0-20181023235946-059132a15dd0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
@@ -1215,7 +1246,6 @@ github.com/quasilyte/go-ruleguard/dsl v0.3.2/go.mod h1:KeCP03KrjuSO0H1kTuZQCWlQP
github.com/quasilyte/go-ruleguard/rules v0.0.0-20201231183845-9e62ed36efe1/go.mod h1:7JTjp89EGyU1d6XfBiXihJNG37wB2VRkd125Q1u7Plc=
github.com/quasilyte/go-ruleguard/rules v0.0.0-20210203162857-b223e0831f88/go.mod h1:4cgAphtvu7Ftv7vOT2ZOYhC6CvBxZixcasr8qIOTA50=
github.com/quasilyte/regex/syntax v0.0.0-20200407221936-30656e2c4a95/go.mod h1:rlzQ04UMyJXu/aOvhd8qT+hvDrFpiwqp8MRXDY9szc0=
-github.com/qur/ar v0.0.0-20130629153254-282534b91770/go.mod h1:SjlYv2m9lpV0UW6K7lDqVJwEIIvSjaHbGk7nIfY8Hxw=
github.com/r3labs/diff v1.1.0 h1:V53xhrbTHrWFWq3gI4b94AjgEJOerO1+1l0xyHOBi8M=
github.com/r3labs/diff v1.1.0/go.mod h1:7WjXasNzi0vJetRcB/RqNl5dlIsmXcTTLmF5IoH6Xig=
github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
@@ -1238,7 +1268,6 @@ github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU=
github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/rwtodd/Go.Sed v0.0.0-20210816025313-55464686f9ef/go.mod h1:8AEUvGVi2uQ5b24BIhcr0GCcpd/RNAFWaN2CJFrWIIQ=
github.com/ryancurrah/gomodguard v1.2.0/go.mod h1:rNqbC4TOIdUDcVMSIpNNAzTbzXAZa6W5lnUepvuMMgQ=
github.com/ryanrolds/sqlclosecheck v0.3.0/go.mod h1:1gREqxyTGR3lVtpngyFo3hZAgk0KCtEdgEkHwDbigdA=
github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
@@ -1247,13 +1276,11 @@ github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkB
github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc=
github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E=
github.com/sanposhiho/wastedassign v1.0.0/go.mod h1:LGpq5Hsv74QaqM47WtIsRSF/ik9kqk07kchgv66tLVE=
-github.com/sassoftware/go-rpmutils v0.1.1/go.mod h1:euhXULoBpvAxqrBHEyJS4Tsu3hHxUmQWNymxoJbzgUY=
-github.com/sassoftware/relic v0.0.0-20210427151427-dfb082b79b74 h1:sUNzanSKA9z/h8xXl+ZJoxIYZL0Qx306MmxqRrvUgr0=
-github.com/sassoftware/relic v0.0.0-20210427151427-dfb082b79b74/go.mod h1:YlB8wFIZmFLZ1JllNBfSURzz52fBxbliNgYALk1UDmk=
-github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
+github.com/sassoftware/relic v7.2.1+incompatible h1:Pwyh1F3I0r4clFJXkSI8bOyJINGqpgjJU3DYAZeI05A=
+github.com/sassoftware/relic v7.2.1+incompatible/go.mod h1:CWfAxv73/iLZ17rbyhIEq3K9hs5w6FpNMdUT//qR+zk=
github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
-github.com/secure-systems-lab/go-securesystemslib v0.4.0 h1:b23VGrQhTA8cN2CbBw7/FulN9fTtqYUdS5+Oxzt+DUE=
-github.com/secure-systems-lab/go-securesystemslib v0.4.0/go.mod h1:FGBZgq2tXWICsxWQW1msNf49F0Pf2Op5Htayx335Qbs=
+github.com/secure-systems-lab/go-securesystemslib v0.6.0 h1:T65atpAVCJQK14UA57LMdZGpHi4QYSH/9FZyNGqMYIA=
+github.com/secure-systems-lab/go-securesystemslib v0.6.0/go.mod h1:8Mtpo9JKks/qhPG4HGZ2LGMvrPbzuxwfz/f/zLfEWkk=
github.com/securego/gosec/v2 v2.7.0/go.mod h1:xNbGArrGUspJLuz3LS5XCY1EBW/0vABAl/LWfSklmiM=
github.com/segmentio/ksuid v1.0.4 h1:sBo2BdShXjmcugAMwjugoGUdUV0pcxY5mW4xKRn3v4c=
github.com/segmentio/ksuid v1.0.4/go.mod h1:/XUiZBD3kVx5SmUOl55voK5yeAbBNNIed+2O73XgrPE=
@@ -1269,16 +1296,26 @@ github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFR
github.com/shurcooL/go v0.0.0-20180423040247-9e1955d9fb6e/go.mod h1:TDJrrUr11Vxrven61rcy3hJMUqaf/CLWYhHNPmT14Lk=
github.com/shurcooL/go-goon v0.0.0-20170922171312-37c2f522c041/go.mod h1:N5mDOmsrJOB+vfqUK+7DmDyjhSLIIBnXo9lvZJj3MWQ=
github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
-github.com/sigstore/cosign v1.13.1 h1:+5oF8jisEcDw2TuXxCADC1u5//HfdnJhGbpv9Isiwu4=
-github.com/sigstore/cosign v1.13.1/go.mod h1:PlfJODkovUOKsLrGI7Su57Ie/Eb/Ks7hRHw3tn5hQS4=
-github.com/sigstore/fulcio v1.1.0 h1:mzzJ05Ccu8Y2inyioklNvc8MpzlGHxu8YqNeTm0dHfU=
-github.com/sigstore/fulcio v1.1.0/go.mod h1:zv1ZQTXZbUwQdRwajlQksc34pRas+2aZYpIZoQBNev8=
-github.com/sigstore/k8s-manifest-sigstore v0.4.4 h1:7ae///+L0nqFBsRwr26anJc5bnJxoDXCGhVHXQB1GSo=
-github.com/sigstore/k8s-manifest-sigstore v0.4.4/go.mod h1:PJSnSF8Nh7PqV4xhU3BRweqEFwGvJq6Xi2B5yhYjxb0=
-github.com/sigstore/rekor v1.0.1 h1:rcESXSNkAPRWFYZel9rarspdvneET60F2ngNkadi89c=
-github.com/sigstore/rekor v1.0.1/go.mod h1:ecTKdZWGWqE1pl3U1m1JebQJLU/hSjD9vYHOmHQ7w4g=
-github.com/sigstore/sigstore v1.5.2 h1:rvZSPJDH2ysoc8kjW9v4nv1UX3XwSA8y4x6Dk7hA0D4=
-github.com/sigstore/sigstore v1.5.2/go.mod h1:wxhp9KoaOpeb1VLKILruD283KJqPSqX+3TuBByVDZ6E=
+github.com/sigstore/cosign/v2 v2.1.1 h1:HOI6pWaEie0wLituDWWaqC5U9MaXablKNf6QroVhj6k=
+github.com/sigstore/cosign/v2 v2.1.1/go.mod h1:S9KGmdQ/Dd29TdgUwGCNeXR7scJWZwREh4A9Za2PRPY=
+github.com/sigstore/fulcio v1.3.1 h1:0ntW9VbQbt2JytoSs8BOGB84A65eeyvGSavWteYp29Y=
+github.com/sigstore/fulcio v1.3.1/go.mod h1:/XfqazOec45ulJZpyL9sq+OsVQ8g2UOVoNVi7abFgqU=
+github.com/sigstore/k8s-manifest-sigstore v0.5.1 h1:jGYuk6LXJm/GzZB/RR2RZ23T84BCP/j96jmhWRV2Q+g=
+github.com/sigstore/k8s-manifest-sigstore v0.5.1/go.mod h1:YL1Yf0ta9jDxYimhZP/DGGaiwMG1CrKupOqfOdMk5d8=
+github.com/sigstore/rekor v1.2.2-0.20230530122220-67cc9e58bd23 h1:eZY7mQFcc0VvNr0fiAK3/n7kh73+T06KzBEIUYzFSDQ=
+github.com/sigstore/rekor v1.2.2-0.20230530122220-67cc9e58bd23/go.mod h1:h1tOLhldpfILtziWpUDgGBu0vulWk9Kh72t6XzBGJok=
+github.com/sigstore/sigstore v1.7.1 h1:fCATemikcBK0cG4+NcM940MfoIgmioY1vC6E66hXxks=
+github.com/sigstore/sigstore v1.7.1/go.mod h1:0PmMzfJP2Y9+lugD0wer4e7TihR5tM7NcIs3bQNk5xg=
+github.com/sigstore/sigstore/pkg/signature/kms/aws v1.7.1 h1:rDHrG/63b3nBq3G9plg7iYnWN6lBhOfq/XultlCZgII=
+github.com/sigstore/sigstore/pkg/signature/kms/aws v1.7.1/go.mod h1:hl0LRidnJG1uL1lLSHGEjcs+MxLjT65NJ7pX/TQDIsk=
+github.com/sigstore/sigstore/pkg/signature/kms/azure v1.7.1 h1:X3ezwolP+b1jP3R6XPOWhUU0TZKONiv6EIRuySlZGrY=
+github.com/sigstore/sigstore/pkg/signature/kms/azure v1.7.1/go.mod h1:SG2NPEdX2Vi7CBp/o93kJqXrovkis/T9ou9oxZONyEA=
+github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.7.1 h1:mj1KhdzzP1me994bt1UXhq5KZGSR1SoqxTqcT+hfPMk=
+github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.7.1/go.mod h1:Z7LFrKKfj5ZPhy0YS9HcI4H6kbUQzBsE3e3hR+R3YY8=
+github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.7.1 h1:fhOToGY5fC5TY101an8i/oDYpoLzUJ1nUFwhnHA1+XY=
+github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.7.1/go.mod h1:SN4QZHHDs2VqXh5bRXrIi8vqLbOijIp2XoSlmV/WJ/c=
+github.com/sigstore/timestamp-authority v1.1.1 h1:EldrdeBED0edNzDMvYZDf5CyWgtSchtR9DKYyksNR8M=
+github.com/sigstore/timestamp-authority v1.1.1/go.mod h1:cEDLEHl/L3ppqKDaiZ3Cg4ikcaYleuq90I/BFNePzF0=
github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
github.com/sirupsen/logrus v1.4.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
@@ -1287,12 +1324,13 @@ github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrf
github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
-github.com/sirupsen/logrus v1.9.1 h1:Ou41VVR3nMWWmTiEUnj0OlsgOSCUFgsPAOl6jRIcVtQ=
-github.com/sirupsen/logrus v1.9.1/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
+github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
github.com/skeema/knownhosts v1.2.0 h1:h9r9cf0+u7wSE+M183ZtMGgOJKiL96brpaz5ekfJCpM=
github.com/skeema/knownhosts v1.2.0/go.mod h1:g4fPeYpque7P0xefxtGzV81ihjC8sX2IqpAoNkjxbMo=
github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 h1:JIAuq3EEf9cgbU6AtGPK4CTG3Zf6CKMNqf0MHTggAUA=
github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966/go.mod h1:sUM3LWHvSMaG192sy56D9F7CNvL7jUJVXoqM1QKLnog=
+github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262 h1:unQFBIznI+VYD1/1fApl1A+9VcBk+9dcqGfnePY87LY=
github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
github.com/smartystreets/assertions v1.1.0 h1:MkTeG1DMwsrdH7QtLXy5W+fUxWq+vmb6cLmyJ7aRtF0=
github.com/smartystreets/assertions v1.1.0/go.mod h1:tcbTF8ujkAEcZ8TElKY+i30BzYlVhC/LOxJk7iOWnoo=
@@ -1309,12 +1347,11 @@ github.com/spf13/afero v1.9.5 h1:stMpOSZFs//0Lv29HduCmli3GUfpFoF3Y1Q/aXj/wVM=
github.com/spf13/afero v1.9.5/go.mod h1:UBogFpq8E9Hx+xc5CNTTEpTnuHVmXDwZcZcE1eb/UhQ=
github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
-github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w=
-github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU=
+github.com/spf13/cast v1.5.1 h1:R+kOtfhWQE6TVQzY+4D7wJLBgkdVasCEFxSUBYBYIlA=
+github.com/spf13/cast v1.5.1/go.mod h1:b9PdjNptOpzXr7Rq1q9gJML/2cdGQAo69NKzQ10KN48=
github.com/spf13/cobra v0.0.0-20181021141114-fe5e611709b0/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU=
-github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=
github.com/spf13/cobra v1.1.1/go.mod h1:WnodtKOvamDL/PwE2M4iKs8aMDBZ5Q5klgD3qfVJQMI=
github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo=
github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I=
@@ -1329,19 +1366,17 @@ github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnIn
github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s=
-github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE=
github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg=
github.com/spf13/viper v1.7.1/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg=
-github.com/spf13/viper v1.15.0 h1:js3yy885G8xwJa6iOISGFwd+qlUo5AvyXb7CiihdtiU=
-github.com/spf13/viper v1.15.0/go.mod h1:fFcTBJxvhhzSJiZy8n+PeW6t8l+KeT/uTARa0jHOQLA=
-github.com/spiffe/go-spiffe/v2 v2.1.3 h1:P5L9Ixo5eqJiHnktAU0UD/6UfHsQs7yAtc8a/FFUi9M=
-github.com/spiffe/go-spiffe/v2 v2.1.3/go.mod h1:eVDqm9xFvyqao6C+eQensb9ZPkyNEeaUbqbBpOhBnNk=
+github.com/spf13/viper v1.16.0 h1:rGGH0XDZhdUOryiDWjmIvUSWpbNqisK8Wk0Vyefw8hc=
+github.com/spf13/viper v1.16.0/go.mod h1:yg78JgCJcbrQOvV9YLXgkLaZqUidkY9K+Dd1FofRzQg=
+github.com/spiffe/go-spiffe/v2 v2.1.6 h1:4SdizuQieFyL9eNU+SPiCArH4kynzaKOOj0VvM8R7Xo=
+github.com/spiffe/go-spiffe/v2 v2.1.6/go.mod h1:eVDqm9xFvyqao6C+eQensb9ZPkyNEeaUbqbBpOhBnNk=
github.com/ssgreg/nlreturn/v2 v2.1.0/go.mod h1:E/iiPB78hV7Szg2YfRgyIrk1AD6JVMTRkkxBiELzh2I=
github.com/stoewer/go-strcase v1.2.0 h1:Z2iHWqGXH00XYgqDmNgQbIBxf3wrNq0F3feEy0ainaU=
github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=
github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=
-github.com/streadway/amqp v1.0.0/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=
github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5JnDBl6z3cMAg/SywNDC5ABu5ApDIw6lUbRmI=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
@@ -1362,6 +1397,7 @@ github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1F
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
@@ -1374,8 +1410,6 @@ github.com/tchap/go-patricia/v2 v2.3.1/go.mod h1:VZRHKAb53DLaG+nA9EaYYiaEx6YztwD
github.com/tdakkota/asciicheck v0.0.0-20200416200610-e657995f937b/go.mod h1:yHp0ai0Z9gUljN3o0xMhYJnH/IcvkdTBOX2fmJ93JEM=
github.com/tektoncd/chains v0.15.0 h1:1x22WlNqiE7+HUBBkK6MbDi6rMqTirWWX3f/t8cDlbc=
github.com/tektoncd/chains v0.15.0/go.mod h1:PA0su6Q+acJh2eG6d4VK1s6Jq0lGRaQml2FSQDWVTiQ=
-github.com/tent/canonical-json-go v0.0.0-20130607151641-96e4ba3a7613 h1:iGnD/q9160NWqKZZ5vY4p0dMiYMRknzctfSkqA4nBDw=
-github.com/tent/canonical-json-go v0.0.0-20130607151641-96e4ba3a7613/go.mod h1:g6AnIpDSYMcphz193otpSIzN+11Rs+AAIIC6rm1enug=
github.com/tetafro/godot v1.4.6/go.mod h1:LR3CJpxDVGlYOWn3ZZg1PgNZdTUvzsZWu8xaEohUpn8=
github.com/thales-e-security/pool v0.0.2 h1:RAPs4q2EbWsTit6tpzuvTFlgFRJ3S8Evf5gtvVDbmPg=
github.com/thales-e-security/pool v0.0.2/go.mod h1:qtpMm2+thHtqhLzTwgDBj/OuNnMpupY8mv0Phz0gjhU=
@@ -1397,9 +1431,8 @@ github.com/tmc/grpc-websocket-proxy v0.0.0-20200427203606-3cfed13b9966/go.mod h1
github.com/tomarrell/wrapcheck/v2 v2.1.0/go.mod h1:crK5eI4RGSUrb9duDTQ5GqcukbKZvi85vX6nbhsBAeI=
github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce/go.mod h1:o8v6yHRoik09Xen7gje4m9ERNah1d1PPsVq1VEx9vE4=
github.com/tommy-muehle/go-mnd/v2 v2.3.2/go.mod h1:WsUAkMJMYww6l/ufffCD3m+P7LEvr8TnZn9lwVDlgzw=
-github.com/transparency-dev/merkle v0.0.1 h1:T9/9gYB8uZl7VOJIhdwjALeRWlxUxSfDEysjfmx+L9E=
-github.com/transparency-dev/merkle v0.0.1/go.mod h1:B8FIw5LTq6DaULoHsVFRzYIUDkl8yuSwCdZnOZGKL/A=
-github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
+github.com/transparency-dev/merkle v0.0.2 h1:Q9nBoQcZcgPamMkGn7ghV8XiTZ/kRxn1yCG81+twTK4=
+github.com/transparency-dev/merkle v0.0.2/go.mod h1:pqSy+OXefQ1EDUVmAJ8MUhHB9TXGuzVAT58PqBoHz1A=
github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
github.com/ultraware/funlen v0.0.3/go.mod h1:Dp4UiAus7Wdb9KUZsYWZEWiRzGuM2kXM1lPbfaF6xhA=
github.com/ultraware/whitespace v0.0.4/go.mod h1:aVMh/gQve5Maj9hQ/hg+F75lr/X5A89uZnzAmWSineA=
@@ -1418,8 +1451,8 @@ github.com/veraison/go-cose v1.1.0/go.mod h1:7ziE85vSq4ScFTg6wyoMXjucIGOf4JkFEZi
github.com/viki-org/dnscache v0.0.0-20130720023526-c70c1f23c5d8/go.mod h1:dniwbG03GafCjFohMDmz6Zc6oCuiqgH6tGNyXTkHzXE=
github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
-github.com/xanzy/go-gitlab v0.81.0 h1:ofbhZ5ZY9AjHATWQie4qd2JfncdUmvcSA/zfQB767Dk=
-github.com/xanzy/go-gitlab v0.81.0/go.mod h1:VMbY3JIWdZ/ckvHbQqkyd3iYk2aViKrNIQ23IbFMQDo=
+github.com/xanzy/go-gitlab v0.86.0 h1:jR8V9cK9jXRQDb46KOB20NCF3ksY09luaG0IfXE6p7w=
+github.com/xanzy/go-gitlab v0.86.0/go.mod h1:5ryv+MnpZStBH8I/77HuQBsMbBGANtVpLWC15qOjWAw=
github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI=
@@ -1433,7 +1466,6 @@ github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
-github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8/go.mod h1:HUYIGzjTL3rfEspMxjDjgmT5uz5wzYJKVo23qUhYTos=
github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ=
github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0=
@@ -1443,7 +1475,9 @@ github.com/yashtewari/glob-intersection v0.1.0 h1:6gJvMYQlTDOL3dMsPF6J0+26vwX9MB
github.com/yashtewari/glob-intersection v0.1.0/go.mod h1:LK7pIC3piUjovexikBbJ26Yml7g8xa5bsjfx2v1fwok=
github.com/yeya24/promlinter v0.1.0/go.mod h1:rs5vtZzeBHqqMwXqFScncpCF6u06lezhZepno9AB1Oc=
github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA=
+github.com/ysmood/fetchup v0.2.3 h1:ulX+SonA0Vma5zUFXtv52Kzip/xe7aj4vqT5AJwQ+ZQ=
github.com/ysmood/goob v0.4.0 h1:HsxXhyLBeGzWXnqVKtmT9qM7EuVs/XOgkX7T6r1o1AQ=
+github.com/ysmood/got v0.34.1 h1:IrV2uWLs45VXNvZqhJ6g2nIhY+pgIG1CUoOcqfXFl1s=
github.com/ysmood/gson v0.7.3 h1:QFkWbTH8MxyUTKPkVWAENJhxqdBa4lYTQWqZCiLG6kE=
github.com/ysmood/leakless v0.8.0 h1:BzLrVoiwxikpgEQR0Lk8NyBN5Cit2b1z+u0mgL4ZJak=
github.com/yudai/gojsondiff v1.0.0/go.mod h1:AY32+k2cwILAkW1fbgxQ5mUmMiZFgLIV+FBNExI05xg=
@@ -1458,7 +1492,6 @@ github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
github.com/zach-klippenstein/goregen v0.0.0-20160303162051-795b5e3961ea h1:CyhwejzVGvZ3Q2PSbQ4NRRYn+ZWv5eS1vlaEusT+bAI=
github.com/zach-klippenstein/goregen v0.0.0-20160303162051-795b5e3961ea/go.mod h1:eNr558nEUjP8acGw8FFjTeWvSgU1stO7FAO6eknhHe4=
-github.com/zalando/go-keyring v0.1.0/go.mod h1:RaxNwUITJaHVdQ0VC7pELPZ3tOWn13nr0gZMZEhpVU0=
github.com/zeebo/errs v1.3.0 h1:hmiaKqgYZzcVgRL1Vkc1Mn2914BbzB0IBxs+ebeutGs=
github.com/zeebo/errs v1.3.0/go.mod h1:sgbWHsvVuTPHcqJJGQ1WhI5KbWlHYz+2+2C/LSEtCw4=
go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
@@ -1514,6 +1547,8 @@ go.opentelemetry.io/proto/otlp v0.19.0 h1:IVN6GR+mhC4s5yfcTbmzHYODqvWAp3ZedA2SJP
go.opentelemetry.io/proto/otlp v0.19.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U=
go.starlark.net v0.0.0-20230302034142-4b1e35fe2254 h1:Ss6D3hLXTM0KobyBYEAygXzFfGcjnmfEJOBgSbemCtg=
go.starlark.net v0.0.0-20230302034142-4b1e35fe2254/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds=
+go.step.sm/crypto v0.32.1 h1:kAiL21zTqAgYu1geOYxH+ApUCUX+oclB25TccnNEYTU=
+go.step.sm/crypto v0.32.1/go.mod h1:JwarCq+Sn6N8IbRSKfSJfjUNKfO8c4N1mcNxYXuxXzc=
go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
@@ -1555,9 +1590,7 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U
golang.org/x/crypto v0.0.0-20191219195013-becbf705a915/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20200930160638-afb6bcd081ae/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20201012173705-84dcc777aaee/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
@@ -1631,7 +1664,6 @@ golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
@@ -1659,7 +1691,6 @@ golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81R
golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
golang.org/x/net v0.0.0-20200927032502-5d4f70055728/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20200930145003-4acb6c075d10/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
golang.org/x/net v0.0.0-20201010224723-4f7140c49acb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
@@ -1680,8 +1711,6 @@ golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su
golang.org/x/net v0.0.0-20220607020251-c690dde0001d/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
-golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
-golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50=
@@ -1697,9 +1726,8 @@ golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ
golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.3.0/go.mod h1:rQrIauxkUhJ6CuwEXwymO2/eh4xz2ZWF1nBkcxS+tGk=
-golang.org/x/oauth2 v0.8.0 h1:6dkIjl3j3LtZ/O3sTgZTMsLKSftL/B8Zgq4huOIIUu8=
-golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE=
+golang.org/x/oauth2 v0.9.0 h1:BPpt2kU7oMRq3kCHAA1tbSEshXRw1LpG2ztgDwrzuAs=
+golang.org/x/oauth2 v0.9.0/go.mod h1:qYgFZaFiu6Wg24azG8bdV52QJXJGbZzIIsRCdVKzbLw=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -1709,7 +1737,6 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20200930132711-30421366ff76/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -1792,6 +1819,7 @@ golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210616045830-e2b7044e8c71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210819135213-f52c844e1c1c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -1814,7 +1842,6 @@ golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9sn
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
-golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA=
golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
golang.org/x/term v0.11.0 h1:F9tnn/DA/Im8nCwm+fX+1/eBwi4qFjRT++MhtVC4ZX0=
@@ -1830,7 +1857,6 @@ golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
golang.org/x/text v0.12.0 h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc=
@@ -1948,7 +1974,6 @@ golang.org/x/tools v0.0.0-20210104081019-d8d6ddbec6ee/go.mod h1:emZCQorbCU4vsT4f
golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20210112230658-8b4aab62c064/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
golang.org/x/tools v0.1.2-0.20210512205948-8287d5da45e4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
@@ -1985,8 +2010,8 @@ google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz513
google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg=
google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE=
google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8=
-google.golang.org/api v0.122.0 h1:zDobeejm3E7pEG1mNHvdxvjs5XJoCMzyNH+CmwL94Es=
-google.golang.org/api v0.122.0/go.mod h1:gcitW0lvnyWjSp9nKxAbdHKIZ6vF4aajGueeslZOyms=
+google.golang.org/api v0.128.0 h1:RjPESny5CnQRn9V6siglged+DZCgfu9l6mO9dkX9VOg=
+google.golang.org/api v0.128.0/go.mod h1:Y611qgqaE92On/7g65MQgxYul3c0rEB894kniWLY750=
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
@@ -2045,12 +2070,12 @@ google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6D
google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20230526161137-0005af68ea54 h1:9NWlQfY2ePejTmfwUH1OWwmznFa+0kKcHGPDvcPza9M=
-google.golang.org/genproto v0.0.0-20230526161137-0005af68ea54/go.mod h1:zqTuNwFlFRsw5zIts5VnzLQxSRqh+CGOTVMlYbY0Eyk=
-google.golang.org/genproto/googleapis/api v0.0.0-20230525234035-dd9d682886f9 h1:m8v1xLLLzMe1m5P+gCTF8nJB9epwZQUBERm20Oy1poQ=
-google.golang.org/genproto/googleapis/api v0.0.0-20230525234035-dd9d682886f9/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19 h1:0nDDozoAU19Qb2HwhXadU8OcsiO/09cnTqhUtq2MEOM=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA=
+google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc h1:8DyZCyvI8mE1IdLy/60bS+52xfymkE72wv1asokgtao=
+google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:xZnkP7mREFX5MORlOPEzLMr+90PPZQ2QWzrVTWfAq64=
+google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc h1:kVKPf/IiYSBWEWtkIn6wZXwWGCnLKcC8oWfZvXjsGnM=
+google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc h1:XSJ8Vk1SWuNr8S18z1NZSziL0CPIXLCCMDOEFtHBOFc=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA=
google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs=
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
@@ -2095,7 +2120,6 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba
google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng=
google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
@@ -2228,8 +2252,8 @@ sigs.k8s.io/kustomize/api v0.13.4 h1:E38Hfx0G9R9v7vRgKshviPotJQETG0S2gD3JdHLCAsI
sigs.k8s.io/kustomize/api v0.13.4/go.mod h1:Bkaavz5RKK6ZzP0zgPrB7QbpbBJKiHuD3BB0KujY7Ls=
sigs.k8s.io/kustomize/kyaml v0.14.2 h1:9WSwztbzwGszG1bZTziQUmVMrJccnyrLb5ZMKpJGvXw=
sigs.k8s.io/kustomize/kyaml v0.14.2/go.mod h1:AN1/IpawKilWD7V+YvQwRGUvuUOOWpjsHu6uHwonSF4=
-sigs.k8s.io/release-utils v0.7.3 h1:6pS8x6c5RmdUgR9qcg1LO6hjUzuE4Yo9TGZ3DemrZdM=
-sigs.k8s.io/release-utils v0.7.3/go.mod h1:n0mVez/1PZYZaZUTJmxewxH3RJ/Lf7JUDh7TG1CASOE=
+sigs.k8s.io/release-utils v0.7.4 h1:17LmJrydpUloTCtaoWj95uKlcrUp4h2A9Sa+ZL+lV9w=
+sigs.k8s.io/release-utils v0.7.4/go.mod h1:JEt2QPHItd5Pg2UKLAU8PEaSlF4bUjCZimpxFDgymVU=
sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
sigs.k8s.io/structured-merge-diff/v4 v4.1.0/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
sigs.k8s.io/structured-merge-diff/v4 v4.3.0 h1:UZbZAZfX0wV2zr7YZorDz6GXROfDFj6LvqCRm4VUVKk=
diff --git a/pkg/client/applyconfigurations/kyverno/v1/ctlog.go b/pkg/client/applyconfigurations/kyverno/v1/ctlog.go
index b1a968f779..5aafe91527 100644
--- a/pkg/client/applyconfigurations/kyverno/v1/ctlog.go
+++ b/pkg/client/applyconfigurations/kyverno/v1/ctlog.go
@@ -21,7 +21,10 @@ package v1
// CTLogApplyConfiguration represents an declarative configuration of the CTLog type for use
// with apply.
type CTLogApplyConfiguration struct {
- URL *string `json:"url,omitempty"`
+ URL *string `json:"url,omitempty"`
+ RekorPubKey *string `json:"pubkey,omitempty"`
+ IgnoreSCT *bool `json:"ignoreSCT,omitempty"`
+ IgnoreTlog *bool `json:"ignoreTlog,omitempty"`
}
// CTLogApplyConfiguration constructs an declarative configuration of the CTLog type for use with
@@ -37,3 +40,27 @@ func (b *CTLogApplyConfiguration) WithURL(value string) *CTLogApplyConfiguration
b.URL = &value
return b
}
+
+// WithRekorPubKey sets the RekorPubKey field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the RekorPubKey field is set to the value of the last call.
+func (b *CTLogApplyConfiguration) WithRekorPubKey(value string) *CTLogApplyConfiguration {
+ b.RekorPubKey = &value
+ return b
+}
+
+// WithIgnoreSCT sets the IgnoreSCT field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the IgnoreSCT field is set to the value of the last call.
+func (b *CTLogApplyConfiguration) WithIgnoreSCT(value bool) *CTLogApplyConfiguration {
+ b.IgnoreSCT = &value
+ return b
+}
+
+// WithIgnoreTlog sets the IgnoreTlog field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the IgnoreTlog field is set to the value of the last call.
+func (b *CTLogApplyConfiguration) WithIgnoreTlog(value bool) *CTLogApplyConfiguration {
+ b.IgnoreTlog = &value
+ return b
+}
diff --git a/pkg/cosign/client.go b/pkg/cosign/client.go
index dd4a086527..7a3c2ab053 100644
--- a/pkg/cosign/client.go
+++ b/pkg/cosign/client.go
@@ -4,8 +4,8 @@ import (
"context"
"github.com/google/go-containerregistry/pkg/name"
- "github.com/sigstore/cosign/pkg/cosign"
- "github.com/sigstore/cosign/pkg/oci"
+ "github.com/sigstore/cosign/v2/pkg/cosign"
+ "github.com/sigstore/cosign/v2/pkg/oci"
)
var client Cosign = &driver{}
diff --git a/pkg/cosign/cosign.go b/pkg/cosign/cosign.go
index 64ab5599e9..07e0ff5afd 100644
--- a/pkg/cosign/cosign.go
+++ b/pkg/cosign/cosign.go
@@ -16,17 +16,17 @@ import (
"github.com/kyverno/kyverno/pkg/tracing"
datautils "github.com/kyverno/kyverno/pkg/utils/data"
wildcard "github.com/kyverno/kyverno/pkg/utils/wildcard"
- "github.com/sigstore/cosign/cmd/cosign/cli/fulcio"
- "github.com/sigstore/cosign/cmd/cosign/cli/options"
- "github.com/sigstore/cosign/cmd/cosign/cli/rekor"
- "github.com/sigstore/cosign/pkg/cosign"
- "github.com/sigstore/cosign/pkg/cosign/attestation"
- "github.com/sigstore/cosign/pkg/oci"
- "github.com/sigstore/cosign/pkg/oci/remote"
- sigs "github.com/sigstore/cosign/pkg/signature"
+ "github.com/sigstore/cosign/v2/pkg/cosign"
+ "github.com/sigstore/cosign/v2/pkg/cosign/attestation"
+ "github.com/sigstore/cosign/v2/pkg/oci"
+ "github.com/sigstore/cosign/v2/pkg/oci/remote"
+ sigs "github.com/sigstore/cosign/v2/pkg/signature"
+ rekorclient "github.com/sigstore/rekor/pkg/client"
"github.com/sigstore/sigstore/pkg/cryptoutils"
+ "github.com/sigstore/sigstore/pkg/fulcioroots"
"github.com/sigstore/sigstore/pkg/signature"
"github.com/sigstore/sigstore/pkg/signature/payload"
+ "github.com/sigstore/sigstore/pkg/tuf"
"go.opentelemetry.io/otel/trace"
"go.uber.org/multierr"
)
@@ -94,11 +94,7 @@ func buildCosignOptions(ctx context.Context, opts images.Options) (*cosign.Check
"sha256": crypto.SHA256,
"sha512": crypto.SHA512,
}
- ro := options.RegistryOptions{}
- remoteOpts, err = ro.ClientOpts(ctx)
- if err != nil {
- return nil, fmt.Errorf("constructing client options: %w", err)
- }
+
remoteOpts = append(remoteOpts, opts.Client.BuildRemoteOption(ctx))
cosignOpts := &cosign.CheckOpts{
Annotations: map[string]interface{}{},
@@ -166,7 +162,7 @@ func buildCosignOptions(ctx context.Context, opts images.Options) (*cosign.Check
} else {
// if key, cert, and roots are not provided, default to Fulcio roots
if cosignOpts.RootCerts == nil {
- roots, err := fulcio.GetRoots()
+ roots, err := fulcioroots.Get()
if err != nil {
return nil, fmt.Errorf("failed to get roots from fulcio: %w", err)
}
@@ -178,11 +174,21 @@ func buildCosignOptions(ctx context.Context, opts images.Options) (*cosign.Check
}
}
- if opts.RekorURL != "" {
- cosignOpts.RekorClient, err = rekor.NewClient(opts.RekorURL)
- if err != nil {
- return nil, fmt.Errorf("failed to create Rekor client from URL %s: %w", opts.RekorURL, err)
- }
+ cosignOpts.IgnoreTlog = opts.IgnoreTlog
+ cosignOpts.RekorClient, err = rekorclient.GetRekorClient(opts.RekorURL)
+ if err != nil {
+ return nil, fmt.Errorf("failed to create Rekor client from URL %s: %w", opts.RekorURL, err)
+ }
+
+ cosignOpts.RekorPubKeys, err = getRekorPubs(ctx, opts.RekorPubKey)
+ if err != nil {
+ return nil, fmt.Errorf("failed to load Rekor public keys: %w", err)
+ }
+
+ cosignOpts.IgnoreSCT = opts.IgnoreSCT
+ cosignOpts.CTLogPubKeys, err = cosign.GetCTLogPubs(ctx)
+ if err != nil {
+ return nil, fmt.Errorf("failed to load Rekor public keys: %w", err)
}
if opts.Repository != "" {
@@ -565,3 +571,15 @@ func checkAnnotations(payload []payload.SimpleContainerImage, annotations map[st
}
return nil
}
+
+func getRekorPubs(ctx context.Context, rekorPubKey string) (*cosign.TrustedTransparencyLogPubKeys, error) {
+ if rekorPubKey == "" {
+ return cosign.GetRekorPubs(ctx)
+ }
+
+ publicKeys := cosign.NewTrustedTransparencyLogPubKeys()
+ if err := publicKeys.AddTransparencyLogPubKey([]byte(rekorPubKey), tuf.Active); err != nil {
+ return nil, fmt.Errorf("AddRekorPubKey: %w", err)
+ }
+ return &publicKeys, nil
+}
diff --git a/pkg/cosign/cosign_test.go b/pkg/cosign/cosign_test.go
index 7dce759649..00690a60c7 100644
--- a/pkg/cosign/cosign_test.go
+++ b/pkg/cosign/cosign_test.go
@@ -11,9 +11,9 @@ import (
"github.com/google/go-containerregistry/pkg/v1/types"
"github.com/kyverno/kyverno/pkg/images"
"github.com/kyverno/kyverno/pkg/registryclient"
- "github.com/sigstore/cosign/pkg/cosign"
- "github.com/sigstore/cosign/pkg/cosign/bundle"
- "github.com/sigstore/cosign/pkg/oci"
+ "github.com/sigstore/cosign/v2/pkg/cosign"
+ "github.com/sigstore/cosign/v2/pkg/cosign/bundle"
+ "github.com/sigstore/cosign/v2/pkg/oci"
"gotest.tools/assert"
)
@@ -57,10 +57,23 @@ const keylessPayload = `{
}
}`
+const globalRekorPubKey = `-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE2G2Y+2tabdTV5BcGiBIx0a9fAFwr
+kBbmLSGtks4L3qX6yYY0zufBnhC8Ur/iy55GhWP/9A/bY2LhC30M9+RYtw==
+-----END PUBLIC KEY-----
+`
+
+const wrongRekorPubKey = `-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEoiR2ouEAp4JS/JIgkCVYCxpp/dMe
+4Mkc/92O8rbWs6xIAcIEju7+Z2yecpQH6RbztEVCZbBZhEVfMdRgWKOrrQ==
+-----END PUBLIC KEY-----`
+
func TestCosignPayload(t *testing.T) {
image := "registry-v2.nirmata.io/pause"
signedPayloads := cosign.SignedPayload{Payload: []byte(cosignPayload)}
- p, err := extractPayload([]oci.Signature{&sig{cosignPayload: signedPayloads}})
+ ociSig, err := getSignature(signedPayloads)
+ assert.NilError(t, err)
+ p, err := extractPayload([]oci.Signature{ociSig})
assert.NilError(t, err)
a := map[string]string{"foo": "bar"}
err = checkAnnotations(p, a)
@@ -71,7 +84,10 @@ func TestCosignPayload(t *testing.T) {
image2 := "ghcr.io/kyverno/test-verify-image"
signedPayloads2 := cosign.SignedPayload{Payload: []byte(keylessPayload)}
- signatures2 := []oci.Signature{&sig{cosignPayload: signedPayloads2}}
+ ociSig, err = getSignature(signedPayloads2)
+ assert.NilError(t, err)
+ signatures2 := []oci.Signature{ociSig}
+
p2, err := extractPayload(signatures2)
assert.NilError(t, err)
@@ -82,9 +98,11 @@ func TestCosignPayload(t *testing.T) {
func TestCosignKeyless(t *testing.T) {
opts := images.Options{
- ImageRef: "ghcr.io/jimbugwadia/pause2",
- Issuer: "https://github.com/",
- Subject: "jim",
+ ImageRef: "ghcr.io/jimbugwadia/pause2",
+ Issuer: "https://github.com/",
+ Subject: "jim",
+ RekorURL: "https://rekor.sigstore.dev",
+ IgnoreSCT: true,
}
rc, err := registryclient.New()
@@ -104,6 +122,29 @@ func TestCosignKeyless(t *testing.T) {
assert.NilError(t, err)
}
+func TestRekorPubkeys(t *testing.T) {
+ opts := images.Options{
+ ImageRef: "ghcr.io/jimbugwadia/pause2",
+ Issuer: "https://github.com/login/oauth",
+ Subject: "jim@nirmata.com",
+ RekorURL: "--INVALID--", // To avoid using the default rekor url as thats where signature is uploaded
+ RekorPubKey: wrongRekorPubKey,
+ IgnoreSCT: true,
+ }
+
+ rc, err := registryclient.New()
+ assert.NilError(t, err)
+ opts.Client = rc
+
+ verifier := &cosignVerifier{}
+ _, err = verifier.VerifySignature(context.TODO(), opts)
+ assert.ErrorContains(t, err, "rekor log public key not found for payload")
+
+ opts.RekorPubKey = globalRekorPubKey
+ _, err = verifier.VerifySignature(context.TODO(), opts)
+ assert.NilError(t, err)
+}
+
func TestCosignMatchCertificateData(t *testing.T) {
pem1 := "-----BEGIN CERTIFICATE-----\nMIIDtzCCAzygAwIBAgIUX9MdOHZMlRONmc0Iu3DtiLXLVLYwCgYIKoZIzj0EAwMw\nNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRl\ncm1lZGlhdGUwHhcNMjIxMDA3MTkyNDI0WhcNMjIxMDA3MTkzNDI0WjAAMFkwEwYH\nKoZIzj0CAQYIKoZIzj0DAQcDQgAE0+a5/FhwY4fREWP++3V4rciGiqWGRgHaiP1z\nSlWihKkU71sBVeTzjdrcN8wXzBAefqh5URBfCeE8pJRfQsVKxKOCAlswggJXMA4G\nA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUJy79\nhpkwHtXtLWOvFu/icY56bwgwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4Y\nZD8wbgYDVR0RAQH/BGQwYoZgaHR0cHM6Ly9naXRodWIuY29tL0ppbUJ1Z3dhZGlh\nL2RlbW8tamF2YS10b21jYXQvLmdpdGh1Yi93b3JrZmxvd3MvcHVibGlzaC55YW1s\nQHJlZnMvdGFncy92MC4wLjIyMDkGCisGAQQBg78wAQEEK2h0dHBzOi8vdG9rZW4u\nYWN0aW9ucy5naXRodWJ1c2VyY29udGVudC5jb20wEgYKKwYBBAGDvzABAgQEcHVz\naDA2BgorBgEEAYO/MAEDBChjNzY0NTI4NGZhN2FlYmU1NTQ2MThlZWU4NzliNGQ2\nOTQ3Zjg1NjRlMB8GCisGAQQBg78wAQQEEWJ1aWxkLXNpZ24tYXR0ZXN0MCoGCisG\nAQQBg78wAQUEHEppbUJ1Z3dhZGlhL2RlbW8tamF2YS10b21jYXQwHwYKKwYBBAGD\nvzABBgQRcmVmcy90YWdzL3YwLjAuMjIwgYoGCisGAQQB1nkCBAIEfAR6AHgAdgAI\nYJLwKFL/aEXR0WsnhJxFZxisFj3DONJt5rwiBjZvcgAAAYOz5+pbAAAEAwBHMEUC\nIBb8fwsLBOu+qJkL6UhT4pwGvRVAN2n74BF1BL703rqPAiEAznbfgYJbqA+JIUiQ\nwwLiFOD8pqidSl+HhW8Lhdg3o+wwCgYIKoZIzj0EAwMDaQAwZgIxAJIBIkZBhM+K\nkBIFNeuWBsyVaAcFRallz3C8jvPQCPbec0ZpIsw624dUs8zD3c96AQIxALf875rt\n+oZgwE6hsDazJzoTcBZ1mYVF6bAlwVdtMiC98aApG6T+qaBirxSgu7IGQw==\n-----END CERTIFICATE-----\n"
cert1, err := loadCert([]byte(pem1))
@@ -171,6 +212,10 @@ func (ts testSignature) Payload() ([]byte, error) {
return nil, fmt.Errorf("not implemented")
}
+func (ts testSignature) Signature() ([]byte, error) {
+ return nil, fmt.Errorf("not implemented")
+}
+
func (ts testSignature) Base64Signature() (string, error) {
return "", fmt.Errorf("not implemented")
}
@@ -187,6 +232,10 @@ func (ts testSignature) Bundle() (*bundle.RekorBundle, error) {
return nil, fmt.Errorf("not implemented")
}
+func (ts testSignature) RFC3161Timestamp() (*bundle.RFC3161Timestamp, error) {
+ return nil, nil
+}
+
func TestCosignMatchSignatures(t *testing.T) {
pem1 := "-----BEGIN CERTIFICATE-----\nMIIDtzCCAzygAwIBAgIUX9MdOHZMlRONmc0Iu3DtiLXLVLYwCgYIKoZIzj0EAwMw\nNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRl\ncm1lZGlhdGUwHhcNMjIxMDA3MTkyNDI0WhcNMjIxMDA3MTkzNDI0WjAAMFkwEwYH\nKoZIzj0CAQYIKoZIzj0DAQcDQgAE0+a5/FhwY4fREWP++3V4rciGiqWGRgHaiP1z\nSlWihKkU71sBVeTzjdrcN8wXzBAefqh5URBfCeE8pJRfQsVKxKOCAlswggJXMA4G\nA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUJy79\nhpkwHtXtLWOvFu/icY56bwgwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4Y\nZD8wbgYDVR0RAQH/BGQwYoZgaHR0cHM6Ly9naXRodWIuY29tL0ppbUJ1Z3dhZGlh\nL2RlbW8tamF2YS10b21jYXQvLmdpdGh1Yi93b3JrZmxvd3MvcHVibGlzaC55YW1s\nQHJlZnMvdGFncy92MC4wLjIyMDkGCisGAQQBg78wAQEEK2h0dHBzOi8vdG9rZW4u\nYWN0aW9ucy5naXRodWJ1c2VyY29udGVudC5jb20wEgYKKwYBBAGDvzABAgQEcHVz\naDA2BgorBgEEAYO/MAEDBChjNzY0NTI4NGZhN2FlYmU1NTQ2MThlZWU4NzliNGQ2\nOTQ3Zjg1NjRlMB8GCisGAQQBg78wAQQEEWJ1aWxkLXNpZ24tYXR0ZXN0MCoGCisG\nAQQBg78wAQUEHEppbUJ1Z3dhZGlhL2RlbW8tamF2YS10b21jYXQwHwYKKwYBBAGD\nvzABBgQRcmVmcy90YWdzL3YwLjAuMjIwgYoGCisGAQQB1nkCBAIEfAR6AHgAdgAI\nYJLwKFL/aEXR0WsnhJxFZxisFj3DONJt5rwiBjZvcgAAAYOz5+pbAAAEAwBHMEUC\nIBb8fwsLBOu+qJkL6UhT4pwGvRVAN2n74BF1BL703rqPAiEAznbfgYJbqA+JIUiQ\nwwLiFOD8pqidSl+HhW8Lhdg3o+wwCgYIKoZIzj0EAwMDaQAwZgIxAJIBIkZBhM+K\nkBIFNeuWBsyVaAcFRallz3C8jvPQCPbec0ZpIsw624dUs8zD3c96AQIxALf875rt\n+oZgwE6hsDazJzoTcBZ1mYVF6bAlwVdtMiC98aApG6T+qaBirxSgu7IGQw==\n-----END CERTIFICATE-----\n"
cert1, err := loadCert([]byte(pem1))
diff --git a/pkg/cosign/mock.go b/pkg/cosign/mock.go
index a46ba0cfe1..da8e500867 100644
--- a/pkg/cosign/mock.go
+++ b/pkg/cosign/mock.go
@@ -5,8 +5,9 @@ import (
"fmt"
"github.com/google/go-containerregistry/pkg/name"
- "github.com/sigstore/cosign/pkg/cosign"
- "github.com/sigstore/cosign/pkg/oci"
+ "github.com/sigstore/cosign/v2/pkg/cosign"
+ "github.com/sigstore/cosign/v2/pkg/oci"
+ "github.com/sigstore/cosign/v2/pkg/oci/static"
)
func SetMock(image string, data [][]byte) error {
@@ -53,17 +54,31 @@ func (m *mock) getSignatures(signedImgRef name.Reference) ([]oci.Signature, bool
sigs := make([]oci.Signature, 0, len(results))
for _, sp := range results {
- sigs = append(sigs, &sig{cosignPayload: sp})
+ ociSig, err := getSignature(sp)
+ if err != nil {
+ return nil, false, err
+ }
+ sigs = append(sigs, ociSig)
}
return sigs, true, nil
}
-type sig struct {
- oci.Signature
- cosignPayload cosign.SignedPayload
-}
-
-func (s *sig) Payload() ([]byte, error) {
- return s.cosignPayload.Payload, nil
+func getSignature(sp cosign.SignedPayload) (oci.Signature, error) {
+ chain := make([]byte, 0)
+ for _, cert := range sp.Chain {
+ chain = append(chain, cert.Raw...)
+ }
+ staticOpts := []static.Option{}
+ if sp.Cert != nil {
+ staticOpts = append(staticOpts, static.WithCertChain(sp.Cert.Raw, chain))
+ }
+ if sp.Bundle != nil {
+ staticOpts = append(staticOpts, static.WithBundle(sp.Bundle))
+ }
+ ociSig, err := static.NewSignature(sp.Payload, sp.Base64Signature, staticOpts...)
+ if err != nil {
+ return nil, fmt.Errorf("failed to get signature %v", err)
+ }
+ return ociSig, nil
}
diff --git a/pkg/engine/api/client.go b/pkg/engine/api/client.go
index 3c0b9e605f..70a4bdf43d 100644
--- a/pkg/engine/api/client.go
+++ b/pkg/engine/api/client.go
@@ -6,7 +6,7 @@ import (
"github.com/google/go-containerregistry/pkg/authn"
gcrremote "github.com/google/go-containerregistry/pkg/v1/remote"
- "github.com/sigstore/cosign/pkg/oci/remote"
+ "github.com/sigstore/cosign/v2/pkg/oci/remote"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
)
diff --git a/pkg/engine/handlers/validation/validate_manifest_test.go b/pkg/engine/handlers/validation/validate_manifest_test.go
index 26303044fb..a2b51d4dd9 100644
--- a/pkg/engine/handlers/validation/validate_manifest_test.go
+++ b/pkg/engine/handlers/validation/validate_manifest_test.go
@@ -714,7 +714,7 @@ func Test_VerifyManifest_MustAll_InvalidYAML(t *testing.T) {
})
logger := logr.Discard()
verified, _, err := h.verifyManifest(context.TODO(), logger, policyContext, verifyRule)
- errMsg := `.attestors[0].entries[1].keys: failed to verify signature: verification failed for 1 signature. all trials: ["[publickey 1/1] [signature 1/1] error: cosign.VerifyBlobCmd() returned an error: invalid signature when validating ASN.1 encoded signature"]`
+ errMsg := `.attestors[0].entries[1].keys: failed to verify signature: verification failed for 1 signature. all trials: ["[publickey 1/1] [signature 1/1] error: cosign.VerifyBlobCmd.Exec() returned an error: invalid signature when validating ASN.1 encoded signature"]`
assert.Error(t, err, errMsg)
assert.Equal(t, verified, false)
}
diff --git a/pkg/engine/image_verify_test.go b/pkg/engine/image_verify_test.go
index db7833dafb..eb8aed0626 100644
--- a/pkg/engine/image_verify_test.go
+++ b/pkg/engine/image_verify_test.go
@@ -60,7 +60,12 @@ var testPolicyGood = `{
"entries": [
{
"keys": {
- "publicKeys": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHMmDjK65krAyDaGaeyWNzgvIu155JI50B2vezCw8+3CVeE0lJTL5dbL3OP98Za0oAEBJcOxky8Riy/XcmfKZbw==\n-----END PUBLIC KEY-----"
+ "publicKeys": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHMmDjK65krAyDaGaeyWNzgvIu155JI50B2vezCw8+3CVeE0lJTL5dbL3OP98Za0oAEBJcOxky8Riy/XcmfKZbw==\n-----END PUBLIC KEY-----",
+ "rekor": {
+ "url": "https://rekor.sigstore.dev",
+ "ignoreSCT": true,
+ "ignoreTlog": true
+ }
}
}
]
@@ -290,7 +295,12 @@ var testSampleSingleKeyPolicy = `
"entries": [
{
"keys": {
- "publicKeys": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8nXRh950IZbRj8Ra/N9sbqOPZrfM\n5/KAQN0/KjHcorm/J5yctVd7iEcnessRQjU917hmKO6JWVGHpDguIyakZA==\n-----END PUBLIC KEY-----"
+ "publicKeys": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8nXRh950IZbRj8Ra/N9sbqOPZrfM\n5/KAQN0/KjHcorm/J5yctVd7iEcnessRQjU917hmKO6JWVGHpDguIyakZA==\n-----END PUBLIC KEY-----",
+ "rekor": {
+ "url": "https://rekor.sigstore.dev",
+ "ignoreSCT": true,
+ "ignoreTlog": true
+ }
}
}
]
@@ -340,12 +350,22 @@ var testSampleMultipleKeyPolicy = `
"entries": [
{
"keys": {
- "publicKeys": "KEY1"
+ "publicKeys": "KEY1",
+ "rekor": {
+ "url": "https://rekor.sigstore.dev",
+ "ignoreSCT": true,
+ "ignoreTlog": true
+ }
}
},
{
"keys": {
- "publicKeys": "KEY2"
+ "publicKeys": "KEY2",
+ "rekor": {
+ "url": "https://rekor.sigstore.dev",
+ "ignoreSCT": true,
+ "ignoreTlog": true
+ }
}
}
]
@@ -406,7 +426,12 @@ var testConfigMapMissing = `{
"entries": [
{
"keys": {
- "publicKeys": "{{myconfigmap.data.configmapkey}}"
+ "publicKeys": "{{myconfigmap.data.configmapkey}}",
+ "rekor": {
+ "url": "https://rekor.sigstore.dev",
+ "ignoreSCT": true,
+ "ignoreTlog": true
+ }
}
}
]
@@ -645,7 +670,12 @@ var testNestedAttestorPolicy = `
"entries": [
{
"keys": {
- "publicKeys": "KEY1"
+ "publicKeys": "KEY1",
+ "rekor": {
+ "url": "https://rekor.sigstore.dev",
+ "ignoreSCT": true,
+ "ignoreTlog": true
+ }
}
},
{
@@ -653,7 +683,12 @@ var testNestedAttestorPolicy = `
"entries": [
{
"keys": {
- "publicKeys": "KEY2"
+ "publicKeys": "KEY2",
+ "rekor": {
+ "url": "https://rekor.sigstore.dev",
+ "ignoreSCT": true,
+ "ignoreTlog": true
+ }
}
}
]
@@ -857,7 +892,12 @@ func Test_ParsePEMDelimited(t *testing.T) {
"entries": [
{
"keys": {
- "publicKeys": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfVMHGmFK4OgVqhy36KZ7a3r4R4/o\nCwaCVvXZV4ZULFbkFZ0IodGqKqcVmgycnoj7d8TpKpAUVNF8kKh90ewH3A==\n-----END PUBLIC KEY-----\n-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0f1W0XigyPFbX8Xq3QmkbL9gDFTf\nRfc8jF7UadBcwKxiyvPSOKZn+igQfXzpNjrwPSZ58JGvF4Fs8BB3fSRP2g==\n-----END PUBLIC KEY-----"
+ "publicKeys": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfVMHGmFK4OgVqhy36KZ7a3r4R4/o\nCwaCVvXZV4ZULFbkFZ0IodGqKqcVmgycnoj7d8TpKpAUVNF8kKh90ewH3A==\n-----END PUBLIC KEY-----\n-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0f1W0XigyPFbX8Xq3QmkbL9gDFTf\nRfc8jF7UadBcwKxiyvPSOKZn+igQfXzpNjrwPSZ58JGvF4Fs8BB3fSRP2g==\n-----END PUBLIC KEY-----",
+ "rekor": {
+ "url": "https://rekor.sigstore.dev",
+ "ignoreSCT": true,
+ "ignoreTlog": true
+ }
}
}
]
diff --git a/pkg/engine/internal/imageverifier.go b/pkg/engine/internal/imageverifier.go
index 7a48730a42..42f75f84b0 100644
--- a/pkg/engine/internal/imageverifier.go
+++ b/pkg/engine/internal/imageverifier.go
@@ -505,6 +505,7 @@ func (iv *ImageVerifier) buildCosignVerifier(
if attestation != nil {
opts.PredicateType = attestation.PredicateType
opts.Type = attestation.Type
+ opts.IgnoreSCT = true // TODO: Add option to allow SCT when attestors are not provided
if attestation.PredicateType != "" && attestation.Type == "" {
iv.logger.Info("predicate type has been deprecated, please use type instead")
opts.Type = attestation.PredicateType
@@ -523,6 +524,13 @@ func (iv *ImageVerifier) buildCosignVerifier(
}
if attestor.Keys.Rekor != nil {
opts.RekorURL = attestor.Keys.Rekor.URL
+ opts.RekorPubKey = attestor.Keys.Rekor.RekorPubKey
+ opts.IgnoreSCT = attestor.Keys.Rekor.IgnoreSCT
+ opts.IgnoreTlog = attestor.Keys.Rekor.IgnoreTlog
+ } else {
+ opts.RekorURL = "https://rekor.sigstore.dev"
+ opts.IgnoreSCT = false
+ opts.IgnoreTlog = false
}
opts.SignatureAlgorithm = attestor.Keys.SignatureAlgorithm
} else if attestor.Certificates != nil {
@@ -536,6 +544,13 @@ func (iv *ImageVerifier) buildCosignVerifier(
path = path + ".keyless"
if attestor.Keyless.Rekor != nil {
opts.RekorURL = attestor.Keyless.Rekor.URL
+ opts.RekorPubKey = attestor.Keyless.Rekor.RekorPubKey
+ opts.IgnoreSCT = attestor.Keyless.Rekor.IgnoreSCT
+ opts.IgnoreTlog = attestor.Keyless.Rekor.IgnoreTlog
+ } else {
+ opts.RekorURL = "https://rekor.sigstore.dev"
+ opts.IgnoreSCT = false
+ opts.IgnoreTlog = false
}
opts.Roots = attestor.Keyless.Roots
diff --git a/pkg/images/verifier.go b/pkg/images/verifier.go
index 201999cc18..ca0a7ed200 100644
--- a/pkg/images/verifier.go
+++ b/pkg/images/verifier.go
@@ -4,7 +4,7 @@ import (
"context"
"github.com/google/go-containerregistry/pkg/authn"
- "github.com/sigstore/cosign/pkg/oci/remote"
+ "github.com/sigstore/cosign/v2/pkg/oci/remote"
)
type ImageVerifier interface {
@@ -34,6 +34,9 @@ type Options struct {
Annotations map[string]string
Repository string
RekorURL string
+ RekorPubKey string
+ IgnoreSCT bool
+ IgnoreTlog bool
SignatureAlgorithm string
PredicateType string
Type string
diff --git a/pkg/notary/notary.go b/pkg/notary/notary.go
index 6dc18c617b..2d60dc5f82 100644
--- a/pkg/notary/notary.go
+++ b/pkg/notary/notary.go
@@ -9,7 +9,7 @@ import (
"github.com/go-logr/logr"
"github.com/google/go-containerregistry/pkg/name"
v1 "github.com/google/go-containerregistry/pkg/v1"
- "github.com/google/go-containerregistry/pkg/v1/remote"
+ gcrremote "github.com/google/go-containerregistry/pkg/v1/remote"
"github.com/kyverno/kyverno/pkg/images"
"github.com/kyverno/kyverno/pkg/logging"
_ "github.com/notaryproject/notation-core-go/signature/cose"
@@ -146,16 +146,17 @@ func (v *notaryVerifier) FetchAttestations(ctx context.Context, opts images.Opti
v.log.V(4).Info("client setup done", "repo", ref)
- repoDesc, err := remote.Head(ref, remoteOpts...)
+ repoDesc, err := gcrremote.Head(ref, remoteOpts...)
if err != nil {
return nil, err
}
v.log.V(4).Info("fetched repository", "repoDesc", repoDesc)
- referrers, err := remote.Referrers(ref.Context().Digest(repoDesc.Digest.String()), remoteOpts...)
+ referrers, err := gcrremote.Referrers(ref.Context().Digest(repoDesc.Digest.String()), remoteOpts...)
if err != nil {
return nil, err
}
+
referrersDescs, err := referrers.IndexManifest()
if err != nil {
return nil, err
@@ -265,7 +266,7 @@ func verifyAttestators(ctx context.Context, v *notaryVerifier, ref name.Referenc
return targetDesc, nil
}
-func extractStatements(ctx context.Context, repoRef name.Reference, desc v1.Descriptor, remoteOpts []remote.Option) ([]map[string]interface{}, error) {
+func extractStatements(ctx context.Context, repoRef name.Reference, desc v1.Descriptor, remoteOpts []gcrremote.Option) ([]map[string]interface{}, error) {
statements := make([]map[string]interface{}, 0)
data, err := extractStatement(ctx, repoRef, desc, remoteOpts)
if err != nil {
@@ -279,14 +280,14 @@ func extractStatements(ctx context.Context, repoRef name.Reference, desc v1.Desc
return statements, nil
}
-func extractStatement(ctx context.Context, repoRef name.Reference, desc v1.Descriptor, remoteOpts []remote.Option) (map[string]interface{}, error) {
+func extractStatement(ctx context.Context, repoRef name.Reference, desc v1.Descriptor, remoteOpts []gcrremote.Option) (map[string]interface{}, error) {
refStr := repoRef.Context().RegistryStr() + "/" + repoRef.Context().RepositoryStr() + "@" + desc.Digest.String()
ref, err := name.ParseReference(refStr)
if err != nil {
return nil, errors.Wrapf(err, "failed to parse image reference: %s", refStr)
}
- remoteDesc, err := remote.Get(ref, remoteOpts...)
+ remoteDesc, err := gcrremote.Get(ref, remoteOpts...)
if err != nil {
return nil, fmt.Errorf("error in fetching manifest: %w", err)
}
@@ -307,7 +308,7 @@ func extractStatement(ctx context.Context, repoRef name.Reference, desc v1.Descr
}
predicateDesc := manifest.Layers[0]
- layer, err := remote.Layer(ref.Context().Digest(predicateDesc.Digest.String()), remoteOpts...)
+ layer, err := gcrremote.Layer(ref.Context().Digest(predicateDesc.Digest.String()), remoteOpts...)
if err != nil {
return nil, err
}
diff --git a/pkg/registryclient/client.go b/pkg/registryclient/client.go
index dd65523d6c..acc39c6cff 100644
--- a/pkg/registryclient/client.go
+++ b/pkg/registryclient/client.go
@@ -7,6 +7,7 @@ import (
"io"
"net"
"net/http"
+ "runtime"
"time"
"github.com/awslabs/amazon-ecr-credential-helper/ecr-login"
@@ -17,10 +18,11 @@ import (
"github.com/google/go-containerregistry/pkg/v1/google"
gcrremote "github.com/google/go-containerregistry/pkg/v1/remote"
"github.com/kyverno/kyverno/pkg/tracing"
- "github.com/sigstore/cosign/pkg/oci/remote"
+ "github.com/sigstore/cosign/v2/pkg/oci/remote"
"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp"
"k8s.io/apimachinery/pkg/util/sets"
corev1listers "k8s.io/client-go/listers/core/v1"
+ "sigs.k8s.io/release-utils/version"
)
var (
@@ -40,6 +42,8 @@ var (
TLSHandshakeTimeout: 10 * time.Second,
ExpectContinueTimeout: 1 * time.Second,
}
+
+ userAgent = fmt.Sprintf("cosign/%s (%s; %s)", version.GetVersionInfo().GitVersion, runtime.GOOS, runtime.GOARCH)
)
// Client provides registry related objects.
@@ -171,6 +175,7 @@ func (c *client) BuildRemoteOption(ctx context.Context) remote.Option {
gcrremote.WithAuthFromKeychain(c.keychain),
gcrremote.WithTransport(c.transport),
gcrremote.WithContext(ctx),
+ gcrremote.WithUserAgent(userAgent),
)
}
diff --git a/pkg/validation/policy/validate.go b/pkg/validation/policy/validate.go
index d7452daee4..15d1d9d5b8 100644
--- a/pkg/validation/policy/validate.go
+++ b/pkg/validation/policy/validate.go
@@ -1324,7 +1324,7 @@ func checkForDeprecatedFieldsInVerifyImages(rule kyvernov1.Rule, warnings *[]str
for _, imageVerify := range rule.VerifyImages {
for _, attestation := range imageVerify.Attestations {
if attestation.PredicateType != "" {
- msg := fmt.Sprintf("predicateType has been deprecated use 'type: %s' instead of 'prediacteType: %s'", attestation.PredicateType, attestation.PredicateType)
+ msg := fmt.Sprintf("predicateType has been deprecated use 'type: %s' instead of 'predicateType: %s'", attestation.PredicateType, attestation.PredicateType)
*warnings = append(*warnings, msg)
}
}
diff --git a/test/cli/test/images/signatures/policies.yaml b/test/cli/test/images/signatures/policies.yaml
index c5e8e5fb5b..51368548f2 100644
--- a/test/cli/test/images/signatures/policies.yaml
+++ b/test/cli/test/images/signatures/policies.yaml
@@ -25,3 +25,7 @@ spec:
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8nXRh950IZbRj8Ra/N9sbqOPZrfM
5/KAQN0/KjHcorm/J5yctVd7iEcnessRQjU917hmKO6JWVGHpDguIyakZA==
-----END PUBLIC KEY-----
+ rekor:
+ url: https://rekor.sigstore.dev
+ ignoreTlog: true
+ ignoreSCT: true
diff --git a/test/cli/test/images/verify-signature/policies.yaml b/test/cli/test/images/verify-signature/policies.yaml
index fe3a273393..088a80dc42 100644
--- a/test/cli/test/images/verify-signature/policies.yaml
+++ b/test/cli/test/images/verify-signature/policies.yaml
@@ -25,6 +25,10 @@ spec:
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8nXRh950IZbRj8Ra/N9sbqOPZrfM
5/KAQN0/KjHcorm/J5yctVd7iEcnessRQjU917hmKO6JWVGHpDguIyakZA==
-----END PUBLIC KEY-----
+ rekor:
+ url: https://rekor.sigstore.dev
+ ignoreTlog: true
+ ignoreSCT: true
---
apiVersion: kyverno.io/v1
kind: ClusterPolicy
@@ -58,4 +62,8 @@ spec:
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8nXRh950IZbRj8Ra/N9sbqOPZrfM
5/KAQN0/KjHcorm/J5yctVd7iEcnessRQjU917hmKO6JWVGHpDguIyakZA==
- -----END PUBLIC KEY-----
\ No newline at end of file
+ -----END PUBLIC KEY-----
+ rekor:
+ url: https://rekor.sigstore.dev
+ ignoreTlog: true
+ ignoreSCT: true
\ No newline at end of file
diff --git a/test/conformance/kuttl/reports/background/verify-image-fail/policy.yaml b/test/conformance/kuttl/reports/background/verify-image-fail/policy.yaml
index 0d1ff4f3cf..157c8e2437 100644
--- a/test/conformance/kuttl/reports/background/verify-image-fail/policy.yaml
+++ b/test/conformance/kuttl/reports/background/verify-image-fail/policy.yaml
@@ -27,3 +27,7 @@ spec:
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8nXRh950IZbRj8Ra/N9sbqOPZrfM
5/KAQN0/KjHcorm/J5yctVd7iEcnessRQjU917hmKO6JWVGHpDguIyakZA==
-----END PUBLIC KEY-----
+ rekor:
+ url: https://rekor.sigstore.dev
+ ignoreTlog: true
+ ignoreSCT: true
\ No newline at end of file
diff --git a/test/conformance/kuttl/reports/background/verify-image-pass/policy.yaml b/test/conformance/kuttl/reports/background/verify-image-pass/policy.yaml
index 0d1ff4f3cf..d912a96d25 100644
--- a/test/conformance/kuttl/reports/background/verify-image-pass/policy.yaml
+++ b/test/conformance/kuttl/reports/background/verify-image-pass/policy.yaml
@@ -27,3 +27,7 @@ spec:
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8nXRh950IZbRj8Ra/N9sbqOPZrfM
5/KAQN0/KjHcorm/J5yctVd7iEcnessRQjU917hmKO6JWVGHpDguIyakZA==
-----END PUBLIC KEY-----
+ rekor:
+ url: https://rekor.sigstore.dev
+ ignoreTlog: true
+ ignoreSCT: true
diff --git a/test/conformance/kuttl/validate/clusterpolicy/standard/wildcard/block-verifyimage/policy.yaml b/test/conformance/kuttl/validate/clusterpolicy/standard/wildcard/block-verifyimage/policy.yaml
index d82f1791cd..cc7f0f19ac 100644
--- a/test/conformance/kuttl/validate/clusterpolicy/standard/wildcard/block-verifyimage/policy.yaml
+++ b/test/conformance/kuttl/validate/clusterpolicy/standard/wildcard/block-verifyimage/policy.yaml
@@ -24,3 +24,7 @@ spec:
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8nXRh950IZbRj8Ra/N9sbqOPZrfM
5/KAQN0/KjHcorm/J5yctVd7iEcnessRQjU917hmKO6JWVGHpDguIyakZA==
-----END PUBLIC KEY-----
+ rekor:
+ url: https://rekor.sigstore.dev
+ ignoreTlog: true
+ ignoreSCT: true
diff --git a/test/conformance/kuttl/validate/e2e/yaml-signing/policy.yaml b/test/conformance/kuttl/validate/e2e/yaml-signing/policy.yaml
index ccb29f1d73..20487f9f4d 100644
--- a/test/conformance/kuttl/validate/e2e/yaml-signing/policy.yaml
+++ b/test/conformance/kuttl/validate/e2e/yaml-signing/policy.yaml
@@ -42,3 +42,7 @@ spec:
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEyQfmL5YwHbn9xrrgG3vgbU0KJxMY
BibYLJ5L4VSMvGxeMLnBGdM48w5IE//6idUPj3rscigFdHs7GDMH4LLAng==
-----END PUBLIC KEY-----
+ rekor:
+ url: https://rekor.sigstore.dev
+ ignoreTlog: true
+ ignoreSCT: true
diff --git a/test/conformance/kuttl/verify-manifests/multi-signatures/policy.yaml b/test/conformance/kuttl/verify-manifests/multi-signatures/policy.yaml
index 13e977e840..55dddce888 100644
--- a/test/conformance/kuttl/verify-manifests/multi-signatures/policy.yaml
+++ b/test/conformance/kuttl/verify-manifests/multi-signatures/policy.yaml
@@ -24,9 +24,17 @@ spec:
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEyQfmL5YwHbn9xrrgG3vgbU0KJxMY
BibYLJ5L4VSMvGxeMLnBGdM48w5IE//6idUPj3rscigFdHs7GDMH4LLAng==
-----END PUBLIC KEY-----
+ rekor:
+ url: https://rekor.sigstore.dev
+ ignoreTlog: true
+ ignoreSCT: true
- keys:
publicKeys: |-
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEE8uGVnyDWPPlB7M5KOHRzxzPHtAy
FdGxexVrR4YqO1pRViKxmD9oMu4I7K/4sM51nbH65ycB2uRiDfIdRoV/+A==
-----END PUBLIC KEY-----
+ rekor:
+ url: https://rekor.sigstore.dev
+ ignoreTlog: true
+ ignoreSCT: true
diff --git a/test/conformance/kuttl/verifyImages/clusterpolicy/cornercases/multiple-attestors/01-policy.yaml b/test/conformance/kuttl/verifyImages/clusterpolicy/cornercases/multiple-attestors/01-policy.yaml
index 6e94f745d6..6a6c428f53 100644
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/cornercases/multiple-attestors/01-policy.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/cornercases/multiple-attestors/01-policy.yaml
@@ -25,6 +25,10 @@ spec:
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8nXRh950IZbRj8Ra/N9sbqOPZrfM
5/KAQN0/KjHcorm/J5yctVd7iEcnessRQjU917hmKO6JWVGHpDguIyakZA==
-----END PUBLIC KEY-----
+ rekor:
+ url: https://rekor.sigstore.dev
+ ignoreTlog: true
+ ignoreSCT: true
imageReferences:
- ghcr.io/kyverno/test-verify-image:*
mutateDigest: true
@@ -46,6 +50,10 @@ spec:
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEOUD2uzRHLnx1oH6XAnF+8haL73BF
zh9pMI1x1/c4Nj/w+rsrgMCDyV/S8hmsXEbizhYD3QndVtV1piBDfDIb8w==
-----END PUBLIC KEY-----
+ rekor:
+ url: https://rekor.sigstore.dev
+ ignoreTlog: true
+ ignoreSCT: true
imageReferences:
- my.local.repo/*
mutateDigest: false
diff --git a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/empty-image/policy.yaml b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/empty-image/policy.yaml
index 19592cea08..e4e74c4784 100644
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/empty-image/policy.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/empty-image/policy.yaml
@@ -25,3 +25,7 @@ spec:
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8nXRh950IZbRj8Ra/N9sbqOPZrfM
5/KAQN0/KjHcorm/J5yctVd7iEcnessRQjU917hmKO6JWVGHpDguIyakZA==
-----END PUBLIC KEY-----
+ rekor:
+ url: https://rekor.sigstore.dev
+ ignoreTlog: true
+ ignoreSCT: true
diff --git a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/failure-policy-test-noconfigmap-diffimage-success/policy.yaml b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/failure-policy-test-noconfigmap-diffimage-success/policy.yaml
index 397730342e..699aa1be7c 100644
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/failure-policy-test-noconfigmap-diffimage-success/policy.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/failure-policy-test-noconfigmap-diffimage-success/policy.yaml
@@ -28,5 +28,9 @@ spec:
- entries:
- keys:
publicKeys: '{{myconfigmap.data.configmapkey}}'
+ rekor:
+ url: https://rekor.sigstore.dev
+ ignoreTlog: true
+ ignoreSCT: true
validationFailureAction: Audit
webhookTimeoutSeconds: 30
diff --git a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-complex-keyless/policy.yaml b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-complex-keyless/policy.yaml
index 0e0ecc7719..2421f87e78 100644
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-complex-keyless/policy.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/imageExtractors-complex-keyless/policy.yaml
@@ -30,4 +30,5 @@ spec:
subject: "https://github.com/*"
rekor:
url: https://rekor.sigstore.dev
+ ignoreSCT: true
required: true
diff --git a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/keyed-basic-namespace-selector/01-manifests.yaml b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/keyed-basic-namespace-selector/01-manifests.yaml
index fb71b09071..72035aea49 100644
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/keyed-basic-namespace-selector/01-manifests.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/keyed-basic-namespace-selector/01-manifests.yaml
@@ -45,3 +45,6 @@ spec:
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8nXRh950IZbRj8Ra/N9sbqOPZrfM
5/KAQN0/KjHcorm/J5yctVd7iEcnessRQjU917hmKO6JWVGHpDguIyakZA==
-----END PUBLIC KEY-----
+ rekor:
+ url: https://rekor.sigstore.dev
+ ignoreTlog: true
diff --git a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/keyed-basic/01-manifests.yaml b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/keyed-basic/01-manifests.yaml
index e34fe892a7..d0e96819a4 100644
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/keyed-basic/01-manifests.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/keyed-basic/01-manifests.yaml
@@ -30,3 +30,6 @@ spec:
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8nXRh950IZbRj8Ra/N9sbqOPZrfM
5/KAQN0/KjHcorm/J5yctVd7iEcnessRQjU917hmKO6JWVGHpDguIyakZA==
-----END PUBLIC KEY-----
+ rekor:
+ url: https://rekor.sigstore.dev
+ ignoreTlog: true
diff --git a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/keyed-secret/01-manifests.yaml b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/keyed-secret/01-manifests.yaml
index 40270f4793..3c9d37c7ea 100644
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/keyed-secret/01-manifests.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/keyed-secret/01-manifests.yaml
@@ -28,6 +28,9 @@ spec:
secret:
name: testsecret
namespace: test-verify-images
+ rekor:
+ url: https://rekor.sigstore.dev
+ ignoreTlog: true
---
apiVersion: v1
kind: Secret
diff --git a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-1/01-manifests.yaml b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-1/01-manifests.yaml
index 3ad2cb4d58..8caf290a42 100644
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-1/01-manifests.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-1/01-manifests.yaml
@@ -28,6 +28,7 @@ spec:
issuer: "https://token.actions.githubusercontent.com"
rekor:
url: https://rekor.sigstore.dev
+ ignoreSCT: true
conditions:
- all:
- key: "{{ regex_match('^https://github.com/slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@refs/heads/main','{{ builder.id}}') }}"
diff --git a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-2/01-manifests.yaml b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-2/01-manifests.yaml
index 1a5272d177..558b425454 100644
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-2/01-manifests.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-2/01-manifests.yaml
@@ -27,6 +27,7 @@ spec:
issuer: "https://token.actions.githubusercontent.com"
rekor:
url: https://rekor.sigstore.dev
+ ignoreSCT: true
conditions:
- all:
- key: "{{ regex_match('^pkg:github/aquasecurity/trivy@0.34.0','{{ scanner.uri }}') }}"
diff --git a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-3/01-manifests.yaml b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-3/01-manifests.yaml
index 3cd0fb3e56..05cc1b9a65 100644
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-3/01-manifests.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-3/01-manifests.yaml
@@ -27,6 +27,7 @@ spec:
issuer: "https://token.actions.githubusercontent.com"
rekor:
url: https://rekor.sigstore.dev
+ ignoreSCT: true
conditions:
- all:
- key: "{{ regex_match('^https://github.com/slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@refs/heads/main','{{ builder.id}}') }}"
diff --git a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-counts-1/01-manifests.yaml b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-counts-1/01-manifests.yaml
index 7e93706b3d..dd1f1618e5 100644
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-counts-1/01-manifests.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-counts-1/01-manifests.yaml
@@ -27,11 +27,13 @@ spec:
issuer: "https://token.actions.githubusercontent.com"
rekor:
url: https://rekor.sigstore.dev
+ ignoreSCT: true
- keyless:
subject: "https://github.com/chipzoller/zulu/.github/workflows/vulnerability-scan.yaml@refs/heads/main"
issuer: "https://token.actions.githubusercontent.com"
rekor:
url: https://rekor.sigstore.dev
+ ignoreSCT: true
count: 1
conditions:
- all:
diff --git a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-counts-2/01-manifests.yaml b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-counts-2/01-manifests.yaml
index 86c95d6292..d0bb01ff0e 100644
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-counts-2/01-manifests.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-counts-2/01-manifests.yaml
@@ -27,11 +27,13 @@ spec:
issuer: "https://token.actions.githubusercontent.com"
rekor:
url: https://rekor.sigstore.dev
+ ignoreSCT: true
- keyless:
subject: "https://github.com/chipzoller/zulu/.github/workflows/vulnerability-scan.yaml@refs/heads/main"
issuer: "https://token.actions.githubusercontent.com"
rekor:
url: https://rekor.sigstore.dev
+ ignoreSCT: true
count: 2
conditions:
- all:
diff --git a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-counts-3/01-manifests.yaml b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-counts-3/01-manifests.yaml
index 03a366d3c4..63f68fdb56 100644
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-counts-3/01-manifests.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/keyless-attestations-multiple-subjects-counts-3/01-manifests.yaml
@@ -27,11 +27,13 @@ spec:
issuer: "https://token.actions.githubusercontent.com"
rekor:
url: https://rekor.sigstore.dev
+ ignoreSCT: true
- keyless:
subject: "https://github.com/chipzoller/zulu/.github/workflows/vulnerability-scan.yaml@refs/heads/main"
issuer: "https://token.actions.githubusercontent.com"
rekor:
url: https://rekor.sigstore.dev
+ ignoreSCT: true
conditions:
- all:
- key: "{{ regex_match('^https://github.com/slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@refs/heads/main','{{ builder.id}}') }}"
diff --git a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/keyless-mutatedigest-verifydigest-required/01-manifests.yaml b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/keyless-mutatedigest-verifydigest-required/01-manifests.yaml
index 5ef445722c..fe6a649946 100644
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/keyless-mutatedigest-verifydigest-required/01-manifests.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/keyless-mutatedigest-verifydigest-required/01-manifests.yaml
@@ -24,4 +24,5 @@ spec:
subject: "https://github.com/chipzoller/zulu/.github/workflows/slsa-generic-keyless.yaml@refs/tags/v*"
issuer: "https://token.actions.githubusercontent.com"
rekor:
- url: https://rekor.sigstore.dev
\ No newline at end of file
+ url: https://rekor.sigstore.dev
+ ignoreSCT: true
\ No newline at end of file
diff --git a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/keyless-nomutatedigest-noverifydigest-norequired/01-manifests.yaml b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/keyless-nomutatedigest-noverifydigest-norequired/01-manifests.yaml
index 8d92bd6f57..431a025bf0 100644
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/keyless-nomutatedigest-noverifydigest-norequired/01-manifests.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/keyless-nomutatedigest-noverifydigest-norequired/01-manifests.yaml
@@ -24,4 +24,5 @@ spec:
subject: "https://github.com/chipzoller/zulu/.github/workflows/slsa-generic-keyless.yaml@refs/tags/v*"
issuer: "https://token.actions.githubusercontent.com"
rekor:
- url: https://rekor.sigstore.dev
\ No newline at end of file
+ url: https://rekor.sigstore.dev
+ ignoreSCT: true
\ No newline at end of file
diff --git a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/keyless-nomutatedigest-noverifydigest-required/01-manifests.yaml b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/keyless-nomutatedigest-noverifydigest-required/01-manifests.yaml
index 0e0589ae3c..20a6fe1b60 100644
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/keyless-nomutatedigest-noverifydigest-required/01-manifests.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/keyless-nomutatedigest-noverifydigest-required/01-manifests.yaml
@@ -24,4 +24,5 @@ spec:
subject: "https://github.com/chipzoller/zulu/.github/workflows/slsa-generic-keyless.yaml@refs/tags/v*"
issuer: "https://token.actions.githubusercontent.com"
rekor:
- url: https://rekor.sigstore.dev
\ No newline at end of file
+ url: https://rekor.sigstore.dev
+ ignoreSCT: true
\ No newline at end of file
diff --git a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/rollback-image-verification/policy.yaml b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/rollback-image-verification/policy.yaml
index 461e11afb8..11644d950b 100644
--- a/test/conformance/kuttl/verifyImages/clusterpolicy/standard/rollback-image-verification/policy.yaml
+++ b/test/conformance/kuttl/verifyImages/clusterpolicy/standard/rollback-image-verification/policy.yaml
@@ -30,4 +30,8 @@ spec:
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfnYaFSrs2pLp4ShcWBgMLJM6Gki/
1tC5ZWN2IuJTe2RbyVrDEn1qLBXNzGKhIXbsUyO5+BuIfgMdek1pDYFZGQ==
- -----END PUBLIC KEY-----
\ No newline at end of file
+ -----END PUBLIC KEY-----
+ rekor:
+ url: https://rekor.sigstore.dev
+ ignoreTlog: true
+ ignoreSCT: true
\ No newline at end of file