Version: 0.2.x

cosign_attach

Implementation details for attach rule

Rules

cosign_attach

Attach an attachment to an oci_image at a remote registry using cosign.

oci_image(
    name = "image"
)

cosign_attach(
    name = "attach_sbom",
    type = "sbom"
    attachment = "image.sbom.spdx.json",
    repository = "index.docker.io/org/image"
)

repository attribute can be overridden using the --repository flag.

oci_image(
    name = "image"
)

cosign_attach(
    name = "attach_sbom",
    type = "sbom"
    attachment = "image.sbom.spdx.json",
    repository = "index.docker.io/org/image"
)

via bazel run :attach_sbom -- --repository=index.docker.io/org/test

Example usage (generated):

load("@contrib_rules_oci//cosign/private:attach.bzl", "cosign_attach")

cosign_attach(
    # A unique name for this target.
    name = "",
    # Label to the attachment
    attachment = "",
    # Label to an oci_image
    image = "",
    # Repository URL where the image will be signed at, e.g.: `index.docker.io/<user>/image`
    repository = "",
    # Type of attachment
    type = "",
)

name

Required name.

A unique name for this target.

attachment

Required label.

Label to the attachment. Only files are allowed. eg: sbom.spdx, in-toto.json

image

Required label.

Label to an oci_image

repository

Required string.

    Repository URL where the image will be signed at, e.g.: `index.docker.io/<user>/image`.

Digests and tags are not allowed.

type

Required string.

Type of attachment. Acceptable values are: attestation, sbom, and signature

Rules

cosign_attach​

name​

attachment​

image​

repository​

type​

cosign_attach

name

attachment

image

repository

type