provide vulnerability attestation based on cosign vuln spec #1646
Labels
kind/feature
Categorizes issue or PR as related to a new feature.
priority/backlog
Higher priority than priority/awaiting-more-evidence.
Milestone
In cosign, we (w/@Dentrax @dlorenc) worked on generating a spec for vulnerabilities1 and ended up having something like the following 👇
https://github.com/sigstore/cosign/blob/main/specs/COSIGN_VULN_ATTESTATION_SPEC.md
So, I thought it'd be nice to adapt it to Trivy, and maybe we can enable this support with a flag
--attestation <PATH>.
Footnotes
https://github.com/sigstore/cosign/issues/442 ↩
The text was updated successfully, but these errors were encountered: