Replies: 3 comments
-
Observations on Docker Hub:
|
Beta Was this translation helpful? Give feedback.
0 replies
-
Observations on GHCR:
|
Beta Was this translation helpful? Give feedback.
0 replies
-
Observations on GitLab Registry (https://gitlab.com/jauderho/sandbox/container_registry/):
|
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
There has been a lot of interest in supply chain security recently and there is a lot of ongoing work in evolving this space. Part of the goals of this repository is to explore new developments.
Cosign container signing and SBOM generation were recently implemented in one of the containers built as part of this repo. See https://github.com/jauderho/dockerfiles/blob/099655baac390f47854f151eab3c1da3f0396aee/.github/workflows/age.yml
This workflow implements the following:
AFAIK, this has been verified to work, see https://github.com/jauderho/dockerfiles/actions/runs/1779759507
However, there appears to be a number of outstanding issues:
docker pull alpine:3.15 && docker inspect alpine:3.15 | grep @
invalid response data
when a version badge is requestedReferences:
Beta Was this translation helpful? Give feedback.
All reactions