The version of cosign used by the container generator (v2.2.3) is getting pretty old and should probably be updated.
The newest version of cosign (v2.5.0) includes a new attestation bundle format which we should probably support as the previous format will likely be phased out. This will also likely need a corresponding change in slsa-verifier.
The version of
cosignused by the container generator (v2.2.3) is getting pretty old and should probably be updated.The newest version of cosign (v2.5.0) includes a new attestation bundle format which we should probably support as the previous format will likely be phased out. This will also likely need a corresponding change in
slsa-verifier.