main.go:74: error during command execution: signing **image:tag**: provenance predicate: required field builder missing #3757
Labels
bug
Something isn't working
Comments
|
Seems like the issue is that it expects builder and buildtype outside of predicate, which worked for me. Even tho the official slsa provenance schema has it inside predicte https://slsa.dev/spec/v0.2/provenance#schema |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
and others
Description
I generate my provenance.json file. When i execute
cosign attest --yes --predicate provenance.json --type slsaprovenance --key cosign.key image:tag the command fails and says provenance predicate: required field builder missing.
I use a similar command for my sbom file and that works just fine.
{
"_type": "https://in-toto.io/Statement/v0.1",
"predicateType": "https://slsa.dev/provenance/v0.2",
"subject": [
{
"name": "",
"digest": {
"sha256": ""
}
}],
"predicate": {
"builder": {
"id": "mailto:@.al"
},
"buildType": "https://mobyproject.org/buildkit@v1",
***
}
}
This is the general outline of the file after generated from buildx.
Version
2.2.4
The text was updated successfully, but these errors were encountered: