Skip to content

Instantly share code, notes, and snippets.

package main
import (
$ ./cosign sign -key cosign.key
Enter password for private key:
Pushing signature to:
error: PUT unexpected status code 500 Internal Server Error: {"error":"Something has gone terribly wrong."}
## It Works!
## I signed cosign itself!
$ oras push ./cosign
Uploading f53604826795 cosign
Digest: sha256:551e6cce7ed2e5c914998f931b277bc879e675b74843e6f29bc17f3b5f692bef
$ cosign sign -key cosign.key
Enter password for private key:
Pushing signature to:
$ cosign verify -key
# First try, we get edb8f4a65586 as our hash
$ cat << EOF | docker build --no-cache -
> FROM alpine
> RUN touch foo
Sending build context to Docker daemon 2.048kB
Step 1/2 : FROM alpine
---> a24bb4013296
Step 2/2 : RUN touch foo
---> Running in 9687f21f4edb
$ snyk test
Testing /Users/dlorenc/go/src/
Tested 461 dependencies for known issues, found 12 issues, 22 vulnerable paths.
Issues to fix by upgrading:
Upgrade angular@1.6.9 to angular@1.8.0 to fix
dlorenc / archived
Last active December 23, 2020 00:17
# This doesn't handle vanity imports.
repos=$(go list -mod=readonly -u -m all | cut -d' ' -f1 | grep github)
# Should probably use the API, but rate-limiting...
for r in $repos; do
if curl -L https://$r 2>/dev/null | grep "This repository has been archived";then
echo "$r is archived";
✗ Low severity vulnerability found in
Description: Denial of Service (DoS)
Introduced through:
Fixed in: 1.19.0-rc.4
✗ Medium severity vulnerability found in
Description: Man-in-the-Middle (MitM)
type RemoteRef struct {
Url string
Sha string
type InlineData []byte
type Content struct {
// oneOf RemoteRef|Data
RemoteRef RemoteRef
package main
import (
kind: Task
name: orka-script
# This also requires a secret called "macstadium" to exist with the following keys:
# token: the orka API auth token. Can be obtained from the $HOME/./.config/configstore/orka-cli.json file
# after an `orka login`
# license: the orka API license. Can be obtained from your IP plan.