feat(lab8): cosign sign + SBOM/provenance attestations + blob signing #1407

Open

IamdLite wants to merge 41 commits into inno-devops-labs:main from IamdLite:feature/lab8

IamdLite commented Jul 3, 2026

Goal

Add Lab 8 submission demonstrating Cosign image signing, SBOM and provenance attestations, and blob signing verification.

Changes

  • Added submissions/lab8.md
  • Added supporting Lab 8 artifacts (verification outputs, digest, screenshots/results)

Testing

  • Ran cosign sign (successful)
  • Ran cosign verify (original image verified successfully)
  • Ran cosign verify on tampered digest (failed with no signatures found)
  • Ran cosign attest and cosign verify-attestation (SBOM and provenance verified)
  • Ran cosign sign-blob and cosign verify-blob (success and tamper detection confirmed)

Artifacts & Screenshots

  • submissions/lab8.md

  • labs/lab8/results/

  • labs/lab8/screenshots/ (if applicable)

  • Title uses feat(lab8): cosign signing and attestations style

  • No secrets/large temp files committed

  • submissions/lab8.md present

  • Task 1 — Image signed + tamper demo (both shown)

  • Task 2 — SBOM + provenance attestations attached and verified

  • Bonus — Blob signed + verify-blob success + tamper failure
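
The verification side of the image checks listed above, as an added example that is not part of this PR or the lab repository. It assumes key-pair mode (a `cosign.pub` file) and CycloneDX and SLSA provenance predicate types, none of which the PR states; the function names are hypothetical. Signatures and attestations are bound to the image digest, so the gate refuses mutable tags before calling cosign.

```shell
#!/bin/sh
# Added example: gate cosign verification on digest-pinned references.
# Assumptions (not stated in the PR): key-pair mode, CycloneDX SBOM and
# SLSA provenance predicate types. Function names are hypothetical.

# Return 0 only for references of the form name@sha256:<64 hex chars>.
is_digest_ref() {
    printf '%s\n' "$1" | grep -Eq '^[^@[:space:]]+@sha256:[0-9a-f]{64}$'
}

# Verify the image signature. A tag can be repointed after signing, so a
# reference that is not pinned by digest is refused with exit code 2.
verify_pinned() {
    pub="$1"; ref="$2"
    if ! is_digest_ref "$ref"; then
        echo "refusing to verify mutable reference: $ref" >&2
        return 2
    fi
    cosign verify --key "$pub" "$ref" >/dev/null
}

# Verify the signature and both attestations for one digest.
# Returns non-zero at the first check that fails.
verify_release() {
    pub="$1"; ref="$2"
    verify_pinned "$pub" "$ref" || return $?
    for ptype in cyclonedx slsaprovenance; do
        cosign verify-attestation --key "$pub" --type "$ptype" "$ref" \
            >/dev/null || {
            echo "missing or invalid $ptype attestation for $ref" >&2
            return 1
        }
    done
}

# Usage (requires cosign and registry access):
#   verify_release cosign.pub "registry.example/app@sha256:<digest>"
```
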

IamdLite and others added 30 commits June 10, 2026 05:12
feat(lab1): juice shop deploy + PR template + triage report
chore(lab2): remove lab1 files so PR contains only lab2 work
feat(lab2): Threagile threat model + secure variant + auth flow
feat(lab3): SSH signing + gitleaks pre-commit + history rewrite practice
feat(lab4): juice-shop SBOM + Grype/Trivy comparison + sign-ready att…