Skip to content

v0.40.0

Choose a tag to compare

View all tags
@github-actions github-actions released this 17 Nov 12:09
· 1592 commits to main since this release
v0.40.0
0524cd3
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Public discovery endpoint

This release exposes a discovery API endpoint that returns the referrers from public workflows of allowed organizations #441. This feature enables a shared (cross-organization) public index between materials, attestations, and CI context.

For example, let's say we want to know everything about a container image with digest sha256:679d7f74941e1b121c49f85b2efbe7a147db90d60352e02b1d20da0a8b44c924, by going to this URL you can see all the attestations that have referenced this image.

This result is also available through the CLI in the discover cmd with the --public flag.

chainloop discover --public -d sha256:679d7f74941e1b121c49f85b2efbe7a147db90d60352e02b1d20da0a8b44c924

{
  "digest": "sha256:679d7f74941e1b121c49f85b2efbe7a147db90d60352e02b1d20da0a8b44c924",
  "kind": "CONTAINER_IMAGE",
  "downloadable": false,
  "public": true,
  "createdAt": "2023-11-09T13:33:50.3421Z",
  "references": [
     {
        "digest": "sha256:0017be43cbf1e4a8db5e635130b08ad2f08681cec164ef18e119d72c8591f224",
        "kind": "ATTESTATION",
        "downloadable": true,
        "public": true,
        "createdAt": "2023-11-27T16:08:51.184944Z",
        "references": []
     },
     {
        "digest": "sha256:00409892e7295d2c6ad6ae85d8a0f4ec68024985175d7b77c4c912c22bc09d09",
        "kind": "ATTESTATION",
        "downloadable": true,
        "public": true,
        "createdAt": "2023-11-17T12:30:07.963532Z",
        "references": []
     },
     {
...

What's Changed

  • Bump Helm Chart Version => v0.30.0 by @github-actions in #426
  • fix(cli): handle empty files by @jiparis in #430
  • feat(referrer): support same digest for two different kinds by @migmartri in #431
  • chore(deps): Bump github.com/sigstore/cosign/v2 from 2.1.1 to 2.2.1 by @dependabot in #429
  • feat(referrer): kind parameter support by @migmartri in #434
  • feat(runner): Integrate runner for CircleCI builds by @buccarel in #437
  • feat: workflow update by @migmartri in #436
  • fix(runner): remove optional env variable from the requirements by @buccarel in #439
  • feat(referrers): add public property by @migmartri in #438
  • feat(referrers): shared index API by @migmartri in #441
  • deploy(referrers): add public index configuration by @migmartri in #444

Full Changelog: v0.30.0...v0.40.0

Contributors

migmartri, jiparis, and 2 other contributors
Assets 15
Loading