You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+16-15Lines changed: 16 additions & 15 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -126,13 +126,10 @@ The following checks were performed on these signatures:
126
126
OCI registries are useful for storing more than just container images!
127
127
`Cosign` also includes some utilities for publishing generic artifacts, including binaries, scripts, and configuration files using the OCI protocol.
128
128
129
-
### Blobs
130
-
131
-
OCI registries are useful for storing more than just container images!
132
-
`Cosign` also includes some utilities for publishing generic artifacts, including binaries, scripts, and configuration files using the OCI protocol.
133
-
134
129
This section shows how to leverage these for an easy-to-use, backwards-compatible artifact distribution system that integrates well with the rest of Sigstore.
135
130
131
+
### Blobs
132
+
136
133
You can publish an artifact with `cosign upload blob`:
137
134
138
135
```shell
@@ -196,11 +193,11 @@ The signature, claims and transparency log proofs are all verified automatically
196
193
197
194
#### Tekton Bundles
198
195
199
-
(Tekton)[https://tekton.dev] bundles can be uploaded and managed within an OCI registry.
200
-
The specification is [here]https://tekton.dev/docs/pipelines/tekton-bundle-contracts/.
196
+
[Tekton](https://tekton.dev) bundles can be uploaded and managed within an OCI registry.
197
+
The specification is [here](https://tekton.dev/docs/pipelines/tekton-bundle-contracts/).
201
198
This means they can also be signed and verified with `cosign`.
202
199
203
-
Tekon Bundles can curently be uploaded with the [tkn cli](github.com/tekton/cli), but we may add this support to
200
+
Tekton Bundles can currently be uploaded with the [tkn cli](github.com/tekton/cli), but we may add this support to
204
201
`cosign` in the future.
205
202
206
203
```shell
@@ -250,7 +247,7 @@ Today, `cosign` has been tested and works against the following registries:
250
247
* Azure Container Registry
251
248
* JFrog Artifactory Container Registry
252
249
* The CNCF distribution/distribution Registry
253
-
*Gitlab Container Registry
250
+
*GitLab Container Registry
254
251
* GitHub Container Registry
255
252
* The CNCF Harbor Registry
256
253
* Digital Ocean Container Registry
@@ -325,7 +322,7 @@ That looks like:
325
322
**Note:** This can be generated for an image reference using `cosign generate <image>`.
326
323
327
324
I'm happy to switch this format to something else if it makes sense.
328
-
See [https://github.com/notaryproject/nv2/issues/40] for one option.
325
+
See https://github.com/notaryproject/nv2/issues/40 for one option.
329
326
330
327
331
328
#### Registry Details
@@ -338,7 +335,7 @@ Similarly, they **can** easily be copied from one environment to another, but th
338
335
automatic.
339
336
340
337
Multiple signatures are stored in a list which is unfortunately "racy" today.
341
-
To add a signtaure, clients orchestrate a "read-append-write" operation, so the last write
338
+
To add a signature, clients orchestrate a "read-append-write" operation, so the last write
342
339
will win in the case of contention.
343
340
344
341
##### Specifying Registry
@@ -407,8 +404,6 @@ Right now cosign supports Hashicorp Vault, AWS KMS, and GCP KMS, and we are hopi
407
404
408
405
See the [KMS docs](KMS.md) for more details.
409
406
410
-
```
411
-
412
407
### OCI Artifacts
413
408
414
409
Push an artifact to a registry using [oras](https://github.com/deislabs/oras) (in this case, `cosign` itself!):
0 commit comments