-
Notifications
You must be signed in to change notification settings - Fork 44
Closed
Labels
bugSomething isn't workingSomething isn't workingsecurity 👮Security issues or related toSecurity issues or related to
Description
It appears that this image isn't signed:
cosign verify ghcr.io/cloudnative-pg/postgresql@sha256:6d41466de5d43a80544cc5768038b2de964ae5b1d725683c03c5d9f81fdc2e43 --certificate-identity-regexp="^https://github.com/cloudnative-pg/postgres-containers/" --certificate-oidc-issuer="https://token.actions.githubusercontent.com"
Error: no signatures found
error during command execution: no signatures found
The same goes for all other images built 3 days ago. I guess it has something to do with this failed workflow.
This is a bit problematic for environments which are automatically validating image signatures through policies, as these will now block pods of CNPG clusters based on these images.
FYI images built 10 days ago actually do contain a signature.
Metadata
Metadata
Assignees
Labels
bugSomething isn't workingSomething isn't workingsecurity 👮Security issues or related toSecurity issues or related to
Type
Projects
Status
Done