Skip to content

v0.1.16

Latest
Latest

Choose a tag to compare

View all tags
@github-actions github-actions released this 09 Feb 08:49
v0.1.16
b9f8c4c
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Container Image

ghcr.io/ionet-official/cc-attestation-agent-api@sha256:0dbc024a89b0e992c50e994fa362a669d99fe5799b9843b872320ccea754f781

Quick Deploy

# Download deploy script
curl -fsSL -o deploy.sh https://github.com/ionet-official/cc-attestation-agent-api/releases/latest/download/deploy.sh
chmod +x deploy.sh

# Deploy (requires Docker or Podman)
sudo ./deploy.sh v0.1.16

Verification

Verify image signature

cosign verify ghcr.io/ionet-official/cc-attestation-agent-api@sha256:0dbc024a89b0e992c50e994fa362a669d99fe5799b9843b872320ccea754f781 \
  --certificate-identity-regexp ".*" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com"

Verify SBOM attestation

cosign verify-attestation ghcr.io/ionet-official/cc-attestation-agent-api@sha256:0dbc024a89b0e992c50e994fa362a669d99fe5799b9843b872320ccea754f781 \
  --type cyclonedx \
  --certificate-identity-regexp ".*" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com"

Verify SLSA provenance (Level 3)

slsa-verifier verify-image ghcr.io/ionet-official/cc-attestation-agent-api@sha256:0dbc024a89b0e992c50e994fa362a669d99fe5799b9843b872320ccea754f781 \
  --source-uri github.com/ionet-official/cc-attestation-agent-api

Verify runtime integrity

After deployment, the image_digest from the API should match:

curl -s http://localhost:8000/ping | jq -r '.image_digest'
# Should return: sha256:0dbc024a89b0e992c50e994fa362a669d99fe5799b9843b872320ccea754f781

What's Changed

  • Add Bearer token authentication to protected endpoints by @atulionet in #34
  • Disable Swagger UI and OpenAPI documentation endpoints by @atulionet in #35

Full Changelog: v0.1.15...v0.1.16

Contributors

atulionet
Assets 6
Loading