-
-
Notifications
You must be signed in to change notification settings - Fork 56
Verify the Docker Image
irongut edited this page Aug 13, 2022
·
3 revisions
Code Coverage Summary uses Docker images stored on GitHub Container Registry and cryptographically signed using Sigstore.
- Install sigstore/cosign.
- Run:
COSIGN_EXPERIMENTAL=1 cosign verify ghcr.io/irongut/codecoveragesummary:v1.3.0
Replace the version number in the command with the CCS version you want to verify.
COSIGN_EXPERIMENTAL=1 cosign verify ghcr.io/irongut/codecoveragesummary:v1.3.0
Verification for ghcr.io/irongut/codecoveragesummary:v1.3.0 --
The following checks were performed on each of these signatures:
- The cosign claims were validated
- Existence of the claims in the transparency log was verified offline
- Any certificates were verified against the Fulcio roots.
In the JSON data that follows the docker-manifest-digest
values should contain the hash value shown in the table below and on the Package page.
CCS Version | SHA256 Hash |
---|---|
v1.3.0 | daebdede906ca84788b94378a1504a88d38621198d3836df24d60d6215e64a86 |
v1.3.0-beta | 2f250007c6792c7e6384607ea65ac9b7911cffb81eb8b83946bad2139a3fe5d5 |