pluto

Changelog

• b7e095e fix(release): fix goreleaesr
• 8375785 fix: goreleaser sign blob fix
• eebd815 fix(release): fix release; fix HIGH vulns (#532)
• 833dc21 fix(release): another attempt to fix the release step (#531)
• 4e7fff1 re-added equals sign (#530)
• 5739b71 Sc/try cosign change (#529)
• be6d45a Accept signature for cosign (#525)

You can verify the signatures of both the checksums.txt file and the published docker images using cosign.

cosign 1.x

cosign verify-blob checksums.txt --signature=checksums.txt.sig  --key https://artifacts.fairwinds.com/cosign.pub

cosign 2.x

cosign verify-blob checksums.txt --signature=checksums.txt.sig  --key https://artifacts.fairwinds.com/cosign.pub --insecure-ignore-tlog

cosign verify us-docker.pkg.dev/fairwinds-ops/oss/pluto:v5 --key https://artifacts.fairwinds.com/cosign.pub