You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The OCI spec defines the use of annotations to contain arbitrary metadata. While cosign supports creating key, value pairs when signing, these are added into the optional section and therefore will not be easily discovered by any tooling that is looking at annotations directly.
In order to enable annotations to be applied to the generated OCI artifacts to maintain consistency with the signed ones, cosign should support the addition of the following annotations for both signatures and attestations:
Description
The OCI spec defines the use of annotations to contain arbitrary metadata. While
cosign
supports creating key, value pairs when signing, these are added into theoptional
section and therefore will not be easily discovered by any tooling that is looking at annotations directly.In order to enable annotations to be applied to the generated OCI artifacts to maintain consistency with the signed ones,
cosign
should support the addition of the following annotations for both signatures and attestations:The text was updated successfully, but these errors were encountered: