Support validation of Cosign OCI statements with type https://in-toto.io/Statement/v0.1#464
Merged
marcelamelara merged 1 commit intoin-toto:mainfrom Aug 27, 2025
Conversation
marcelamelara
requested changes
Jul 2, 2025
Contributor
marcelamelara
left a comment
There was a problem hiding this comment.
Thanks for sending this @alenon , apologies for the very long delay. I think these changes will be helpful for backwards compatibility, but don't want to lose the specificity of checking the supported versions.
Contributor
|
@in-toto/attestation-maintainers can we please get a second review here? |
a0b44fb to
c4688e3
Compare
Contributor
trishankatdatadog
left a comment
There was a problem hiding this comment.
Thanks for your much-needed PR! Left some minor comments...
8727b89 to
55da453
Compare
0bda362 to
79d1d7c
Compare
trishankatdatadog
suggested changes
Aug 26, 2025
….io/Statement/v0.1 This change updates the method to allow statements with type v0.1 in addition to v1. This ensures compatibility with Cosign OCI signatures. Fixes in-toto#461 Signed-off-by: Yevdo Abramov <5107130+alenon@users.noreply.github.com>
51265b0 to
6264e54
Compare
trishankatdatadog
approved these changes
Aug 27, 2025
marcelamelara
approved these changes
Aug 27, 2025
Contributor
marcelamelara
left a comment
There was a problem hiding this comment.
Thanks so much for these updates @alenon ! Looks great now.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Support validation of Cosign OCI statements with type https://in-toto.io/Statement/v0.1
This change updates the method to allow statements with type v0.1 in addition to v1. This ensures compatibility with Cosign OCI signatures.
Fixes #461