cosign-fips
Fips
Stig
Utils
docker pull reg.mini.dev/cosign-fips
Fips
Stig
Utils
Updated on June 14
docker pull reg.mini.dev/cosign-fips
SBOM Signature
Verify this image using Cosign to confirm it originates from Minimus. Cosign by Sigstore is the recommended open source toolset for supply-chain security.
The commands below verify latest. With a subscription for this image, you can verify any version and its SBOM. Learn More
Get Cosign
You can use the Cosign image offered by Minimus or install the following locally:
Verify SBOM Signature
Verify latest
cosign verify-attestation \
--type https://spdx.dev/Document \
--certificate-oidc-issuer=https://accounts.google.com \
--certificate-identity=minimus-images-sa@prod-375107.iam.gserviceaccount.com \
reg.mini.dev/cosign-fips@sha256:8c35d7ab8cbaecf4d92653798ad622d2b7d2007dc15696978185e926acf5a976Expected output
Verification for <image URL> --The following checks were performed on each of these signatures:- The cosign claims were validated- Existence of the claims in the transparency log was verified offline- The code-signing certificate was verified using trusted certificate authority certificatesCertificate subject: https://github.com/minimusio/images/.github/workflows/build.yaml@refs/heads/mainCertificate issuer URL: https://token.actions.githubusercontent.comGitHub Workflow Trigger: pushGitHub Workflow SHA: dd163c4c4cd40309e9125158ed8c4698680d931fGitHub Workflow Name: PublishGitHub Workflow Repository: minimusio/imagesGitHub Workflow Ref: refs/heads/main{"payloadType":"application/vnd.in-toto+json","payload":"eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0Z…