Skip to content

Instantly share code, notes, and snippets.

package main
import (
"bufio"
"fmt"
"io"
"log"
"strings"
"k8s.io/apimachinery/pkg/util/yaml"
$ ./cosign sign -key cosign.key bundle.bar/u/danlorenc/test:v1
Enter password for private key:
Pushing signature to: bundle.bar/u/danlorenc/test:sha256-b423a188fced3b57b330289f60f2317bd947a3f77d823c4fee209dbd58bc2f1f.cosign
error: PUT https://bundle.bar/v2/u/danlorenc/test/manifests/sha256-b423a188fced3b57b330289f60f2317bd947a3f77d823c4fee209dbd58bc2f1f.cosign: unexpected status code 500 Internal Server Error: {"error":"Something has gone terribly wrong."}
## It Works!
## I signed cosign itself!
$ oras push us-central1-docker.pkg.dev/dlorenc-vmtest2/test/artifact ./cosign
Uploading f53604826795 cosign
Pushed us-central1-docker.pkg.dev/dlorenc-vmtest2/test/artifact
Digest: sha256:551e6cce7ed2e5c914998f931b277bc879e675b74843e6f29bc17f3b5f692bef
$ cosign sign -key cosign.key us-central1-docker.pkg.dev/dlorenc-vmtest2/test/artifact@sha256:551e6cce7ed2e5c914998f931b277bc879e675b74843e6f29bc17f3b5f692bef
Enter password for private key:
Pushing signature to: us-central1-docker.pkg.dev/dlorenc-vmtest2/test/artifact:sha256-551e6cce7ed2e5c914998f931b277bc879e675b74843e6f29bc17f3b5f692bef.cosign
$ cosign verify -key cosign.pub us-central1-docker.pkg.dev/dlorenc-vmtest2/test/artifact@sha256:551e6cce7ed2e5c914998f931b277bc879e675b74843e6f29bc17f3b5f692bef
# First try, we get edb8f4a65586 as our hash
$ cat << EOF | docker build --no-cache -
> FROM alpine
> RUN touch foo
> EOF
Sending build context to Docker daemon 2.048kB
Step 1/2 : FROM alpine
---> a24bb4013296
Step 2/2 : RUN touch foo
---> Running in 9687f21f4edb
$ snyk test
Testing /Users/dlorenc/go/src/github.com/grafana/grafana...
Tested 461 dependencies for known issues, found 12 issues, 22 vulnerable paths.
Issues to fix by upgrading:
Upgrade angular@1.6.9 to angular@1.8.0 to fix
@dlorenc
dlorenc / archived
Last active December 23, 2020 00:17
#!/bin/bash
# This doesn't handle vanity imports.
repos=$(go list -mod=readonly -u -m all | cut -d' ' -f1 | grep github)
# Should probably use the API, but rate-limiting...
for r in $repos; do
if curl -L https://$r 2>/dev/null | grep "This repository has been archived";then
echo "$r is archived";
fi;
✗ Low severity vulnerability found in k8s.io/kubernetes
Description: Denial of Service (DoS)
Info: https://snyk.io/vuln/SNYK-GOLANG-K8SIOKUBERNETESSTAGINGSRCK8SIOCLIENTGOUTILJSONPATH-597671
Introduced through: k8s.io/kubernetes@0.0.0
From: k8s.io/kubernetes@0.0.0
Fixed in: 1.19.0-rc.4
✗ Medium severity vulnerability found in k8s.io/kubernetes
Description: Man-in-the-Middle (MitM)
Info: https://snyk.io/vuln/SNYK-GOLANG-K8SIOKUBERNETES-1048855
type RemoteRef struct {
Url string
Sha string
}
type InlineData []byte
type Content struct {
// oneOf RemoteRef|Data
RemoteRef RemoteRef
package main
import (
"bytes"
"encoding/json"
"fmt"
"io"
"log"
"os"
"os/exec"
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
name: orka-script
spec:
inputs:
# This also requires a secret called "macstadium" to exist with the following keys:
# token: the orka API auth token. Can be obtained from the $HOME/./.config/configstore/orka-cli.json file
# after an `orka login`
# license: the orka API license. Can be obtained from your IP plan.