Skip to content

Comments

Lab8 submission: Basanov Maxim#8

Open
scruffyscarf wants to merge 1 commit intomainfrom
feature/lab8
Open

Lab8 submission: Basanov Maxim#8
scruffyscarf wants to merge 1 commit intomainfrom
feature/lab8

Conversation

@scruffyscarf
Copy link
Owner

Goal

Sign and verify container images, attach and verify attestations (SBOM/provenance), and optionally sign non-container artifacts β€” all locally, without code changes.

Changes

Added labs/lab4/syft/juice-shop-syft-native.json
Added labs/lab8/analysis/ref-after-tamper.txt
Added labs/lab8/analysis/ref.txt
Added labs/lab8/artifacts/sample.tar.gz
Added labs/lab8/artifacts/sample.tar.gz.bundle
Added labs/lab8/artifacts/sample.txt
Added labs/lab8/artifacts/verify-blob.txt
Added labs/lab8/attest/juice-shop.cdx.json
Added labs/lab8/attest/provenance.json
Added labs/lab8/attest/verify-provenance.txt
Added labs/lab8/attest/verify-sbom-attestation.txt
Added labs/lab8/signing/cosign.key
Added labs/lab8/signing/cosign.pub
Added labs/submission8.md

Testing

No testing

Artifacts & Screenshots

labs/lab8
β”œβ”€β”€ analysis
β”‚   β”œβ”€β”€ ref-after-tamper.txt
β”‚   └── ref.txt
β”œβ”€β”€ artifacts
β”‚   β”œβ”€β”€ sample.tar.gz
β”‚   β”œβ”€β”€ sample.tar.gz.bundle
β”‚   β”œβ”€β”€ sample.txt
β”‚   └── verify-blob.txt
β”œβ”€β”€ attest
β”‚   β”œβ”€β”€ juice-shop.cdx.json
β”‚   β”œβ”€β”€ provenance.json
β”‚   β”œβ”€β”€ verify-provenance.txt
β”‚   └── verify-sbom-attestation.txt
β”œβ”€β”€ registry
└── signing
    β”œβ”€β”€ cosign.key
    └── cosign.pub

Checklist

  • Task 1 β€” Local registry, signing, verification (+ tamper demo)
  • Task 2 β€” Attestations (SBOM or provenance) + payload inspection
  • Task 3 β€” Artifact signing (blob/tarball)
  • PR has a clear and descriptive title
  • Documentation has been updated if necessary
  • No sensitive data or large temporary files have been committed

@scruffyscarf scruffyscarf changed the title docs: add lab8 submission β€” signing + attestations Lab8 submission: Basanov Maxim Oct 20, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant