You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm playing around with cosign with the latest OCI 1.1 with Referrers support. For the test I'm running a local zot registry.
It keeps using the old cosign tag instead of the new OCI tag (or no tag in case of zot?)
COSIGN_OCI_EXPERIMENTAL=1 cosign sign $myimage
...
tlog entry created with index: 16776742
Pushing signature to: localhost:5001/zot
regctl tag list $myimage
latest
sha256-501e08f696ad6fb26680a6f0d3f0471a40da05f20fc64654118c3474c4a64c70.sig
COSIGN_OCI_EXPERIMENTAL=1 cosign attach sbom --sbom ./spdx.json --type spdx $myimage
...
Uploading SBOM file for [localhost:5001/zot:latest] to [localhost:5001/zot:sha256-501e08f696ad6fb26680a6f0d3f0471a40da05f20fc64654118c3474c4a64c70.sbom] with mediaType [text/spdx+json].
regctl tag list $myimage
latest
sha256-501e08f696ad6fb26680a6f0d3f0471a40da05f20fc64654118c3474c4a64c70.sbom
I've also tried to export COSIGN_OCI_EXPERIMENTAL=1 just in case.
I'm playing around with cosign with the latest OCI 1.1 with Referrers support. For the test I'm running a local zot registry.
It keeps using the old cosign tag instead of the new OCI tag (or no tag in case of zot?)
I've also tried to
export COSIGN_OCI_EXPERIMENTAL=1
just in case.Any tips?
The text was updated successfully, but these errors were encountered: