Fix bugs in v0.1.0

[santoshkal]

This PR fixes some bugs discovered in v0.1.0 and adds some new updates:

• Adds signing of genval artifacts with cosign pvt key apart for signing in keyless mode
• For auth with registries, Genval first looks at users $HOME/.docker/config.json file. if found uses it for auth. If the file is not found, user needs to set env vars ARTIFACT_REGISTRY_USERNAME and ARTIFACT_REGISTRY_PASSWORD for auth.
• Adds genval:$version as HTTP UserAgent while communicating with OCI registries
• If --tools in cuemod init command is not defined from the supported tools, users can now pass cuemods stored in OCI registries ( Please refer README and cuemod init command help for more info.)
• Updates README inline with current workflow.

If merged this version may be tagged and released as v0.1.1

cc/- @devopstoday11

[dryrunsecurity]

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security	Status	Findings
AppSec Analyzer (beta)	✅	0 findings
Secrets Analyzer (beta)	✅	0 findings
Authn/Authz Analyzer	✅	0 findings
Configured Codepaths Analyzer	✅	0 findings
Sensitive Files Analyzer	✅	0 findings

Note

🟢 Risk threshold not exceeded.

Tip

Get answers to your security questions. Add a comment in this PR starting with @DryRunSecurity. For example...

@dryrunsecurity What are common security issues with web application cookies?

Powered by DryRun Security