Cosign v0.6.0 Release Notes
-
✨ Enhancements
- 💥 BREAKING: Moved
cosign upload-blob
tocosign upload blob
(https://github.com/sigstore/cosign/pull/378) - 💥 BREAKING: Moved
cosign upload
tocosign attach signature
(https://github.com/sigstore/cosign/pull/378) - 💥 BREAKING: Moved
cosign download
tocosign download signature
(https://github.com/sigstore/cosign/pull/392) - ➕ Added flags to specify slot, PIN, and touch policies for security keys (Thank you @ddz https://github.com/sigstore/cosign/pull/369)
- ➕ Added
cosign verify-dockerfile
command (https://github.com/sigstore/cosign/pull/395) - ➕ Added SBOM support in
cosign attach
andcosign download sbom
(https://github.com/sigstore/cosign/pull/387) - Sign & verify images using Kubernetes secrets (A muchas muchas gracias to @developer-guy and @Dentrax https://github.com/sigstore/cosign/pull/398)
- ➕ Added support for AWS KMS (谢谢, @codysoyland https://github.com/sigstore/cosign/pull/426)
- 🚀 Numerous enhancements to our build & release process, courtesy @cpanato
🐛 Bug Fixes
- 👌 Verify entry timestamp signatures of fetched Tlog entries (https://github.com/sigstore/cosign/pull/371)
Contributors
- Asra Ali (@asraa)
- Batuhan Apaydın (@developer-guy)
- Carlos Panato (@cpanato)
- Cody Soyland (@codysoyland)
- Dan Lorenc (@dlorenc)
- Dino A. Dai Zovi (@ddz)
- Furkan Türkal (@Dentrax)
- Jake Sanders (@dekkagaijin)
- Jason Hall (@imjasonh)
- Paris Zoumpouloglou (@zuBux)
- Priya Wadhwa (@priyawadhwa)
- Rémy Greinhofer (@rgreinho)
- Russell Brown (@rjbrown57)
- 💥 BREAKING: Moved