Skip to content

Verify the Docker Image

irongut edited this page Aug 13, 2022 · 3 revisions

Code Coverage Summary uses Docker images stored on GitHub Container Registry and cryptographically signed using Sigstore.

How to Verify the Docker Image

  1. Install sigstore/cosign.
  2. Run: COSIGN_EXPERIMENTAL=1 cosign verify ghcr.io/irongut/codecoveragesummary:v1.3.0

Replace the version number in the command with the CCS version you want to verify.

COSIGN_EXPERIMENTAL=1 cosign verify ghcr.io/irongut/codecoveragesummary:v1.3.0

Verification for ghcr.io/irongut/codecoveragesummary:v1.3.0 --
The following checks were performed on each of these signatures:
  - The cosign claims were validated
  - Existence of the claims in the transparency log was verified offline
  - Any certificates were verified against the Fulcio roots.

In the JSON data that follows the docker-manifest-digest values should contain the hash value shown in the table below and on the Package page.

CCS Version SHA256 Hash
v1.3.0 daebdede906ca84788b94378a1504a88d38621198d3836df24d60d6215e64a86
v1.3.0-beta 2f250007c6792c7e6384607ea65ac9b7911cffb81eb8b83946bad2139a3fe5d5