Apply suggestions from code review
Co-authored-by: John Krug <[email protected]>
Signed-off-by: Víctor Cuadrado Juan <[email protected]>
viccuad and jhkrug authored Oct 9, 2024
1 parent 6f1fe0c commit e623b9d
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions README.md
Expand Up @@ -93,7 +93,7 @@ about how the project works and how to use it.
Kubewarden controller has its software bill of materials (SBOM) and build
[Provenance](https://slsa.dev/spec/v1.0/provenance) information published every
release. It follows the [SPDX](https://spdx.dev/) format and
[SLSA](https://slsa.dev/provenance/v0.2#schema) provenance schema respectfully.
[SLSA](https://slsa.dev/provenance/v0.2#schema) provenance schema.
Both of the files are generated by [Docker
buildx](https://docs.docker.com/build/metadata/attestations/) during the build
process and stored in the container registry together with the container image
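Review bot: In the changed sentence the SLSA link targets `https://slsa.dev/provenance/v0.2#schema`, while the Provenance link two lines above targets `https://slsa.dev/spec/v1.0/provenance`, so a reader cannot tell which schema version the published provenance file should be checked against. Point both links at the version the release artifacts actually use. Removing "respectfully" outright also loses the pairing it was reaching for: "respectively" would keep it clear that the SBOM follows SPDX and the provenance follows the SLSA schema, and since two files are described, "It follows" would read better as "They follow".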
Expand All @@ -118,7 +118,7 @@ cosign verify-blob --certificate-oidc-issuer=https://token.actions.githubusercon
kubewarden-controller-attestation-amd64-provenance.json
```

To verify verify the attestation manifest and its layers signatures:
To verify the attestation manifest and its layer signatures:

```shell
cosign verify --certificate-oidc-issuer=https://token.actions.githubusercontent.com \
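Review bot: The new lead-in "To verify the attestation manifest and its layer signatures:" is still ambiguous about what is being checked, because it can be read as verifying the manifest itself plus only the layers' signatures. Consider "To verify the signatures of the attestation manifest and of its layers:" so the sentence states that both are signature checks.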
Expand Down Expand Up @@ -228,7 +228,7 @@ cosign verify --certificate-oidc-issuer=https://token.actions.githubusercontent.
```

Note that each attestation manifest (for each architecture) has its own layers.
Each layers is a different SBOM SPDX or provenance files generated by Docker
Each layer is a different SBOM SPDX or provenance file generated by Docker
Buildx during the multi stage build process. You can also use `crane` to
download the attestation file:
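Review bot: In the corrected sentence "Each layer is a different SBOM SPDX or provenance file generated by Docker", the word order "SBOM SPDX" reads as a single unknown format name; "SPDX SBOM" matches how the format is introduced earlier in the README. While touching this paragraph, "multi stage build" on the following line should be hyphenated as "multi-stage build".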
