Fetching Public Signature and SBOM for N4K Binaries

Guide to retrieve public signatures and SBOMs for N4K binaries.

This guide explains how to fetch the public signature and Software Bill of Materials (SBOM) for N4K (Nirmata for Kyverno) binaries using cosign commands. The process includes fetching details for both FIPS and non-FIPS binaries. Replace the <TAG> variable in each command with the specific version tag as required.

Fetching the Signature for N4K Binaries

Use the following command to fetch the signature for a specified N4K binary tag:

COSIGN_REPOSITORY=ghcr.io/nirmata/signatures cosign download signature ghcr.io/nirmata/kyvernopre:<TAG>

Fetching the SBOM for N4K Binaries

FIPS Binaries

Use the following commands to fetch the SBOMs for FIPS-enabled N4K binaries. Replace <TAG> with the desired version tag:

COSIGN_REPOSITORY=ghcr.io/nirmata/sbom cosign download sbom ghcr.io/nirmata/cleanup-controller-fips:<TAG>
COSIGN_REPOSITORY=ghcr.io/nirmata/sbom cosign download sbom ghcr.io/nirmata/background-controller-fips:<TAG>
COSIGN_REPOSITORY=ghcr.io/nirmata/sbom cosign download sbom ghcr.io/nirmata/reports-controller-fips:<TAG>
COSIGN_REPOSITORY=ghcr.io/nirmata/sbom cosign download sbom ghcr.io/nirmata/kyverno-fips:<TAG>
COSIGN_REPOSITORY=ghcr.io/nirmata/sbom cosign download sbom ghcr.io/nirmata/kyverno-cli-fips:<TAG>
COSIGN_REPOSITORY=ghcr.io/nirmata/sbom cosign download sbom ghcr.io/nirmata/kyvernopre-fips:<TAG>

Non-FIPS Binaries

For non-FIPS binaries, use the following commands and replace <TAG> with the specific version tag:

COSIGN_REPOSITORY=ghcr.io/nirmata/sbom cosign download sbom ghcr.io/nirmata/cleanup-controller:<TAG>
COSIGN_REPOSITORY=ghcr.io/nirmata/sbom cosign download sbom ghcr.io/nirmata/background-controller:<TAG>
COSIGN_REPOSITORY=ghcr.io/nirmata/sbom cosign download sbom ghcr.io/nirmata/reports-controller:<TAG>
COSIGN_REPOSITORY=ghcr.io/nirmata/sbom cosign download sbom ghcr.io/nirmata/kyverno:<TAG>
COSIGN_REPOSITORY=ghcr.io/nirmata/sbom cosign download sbom ghcr.io/nirmata/kyverno-cli:<TAG>
COSIGN_REPOSITORY=ghcr.io/nirmata/sbom cosign download sbom ghcr.io/nirmata/kyvernopre:<TAG>
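
The per-image commands above can be run as one batch. The script below is an added example, not part of the original guide or of Nirmata's tooling; the function names, the output directory layout and the tag check are assumptions of this example, while the image names and the COSIGN_REPOSITORY value are the ones listed on this page.

```shell
#!/bin/sh
# Added example: batch form of the per-image SBOM commands on this page.
# Function names and output file layout are assumptions of this example.

N4K_REGISTRY=ghcr.io/nirmata
N4K_SBOM_REPO=ghcr.io/nirmata/sbom
N4K_COMPONENTS="cleanup-controller background-controller reports-controller kyverno kyverno-cli kyvernopre"

# Print one image reference per line for a variant (fips|non-fips) and tag.
n4k_image_refs() {
    variant=$1 tag=$2
    case $variant in
        fips) suffix=-fips ;;
        non-fips) suffix= ;;
        *) echo "variant must be fips or non-fips" >&2; return 2 ;;
    esac
    # Reject an empty tag or an unreplaced <TAG> placeholder.
    case $tag in
        ''|*[!A-Za-z0-9._-]*) echo "invalid tag: $tag" >&2; return 2 ;;
    esac
    for c in $N4K_COMPONENTS; do
        printf '%s/%s%s:%s\n' "$N4K_REGISTRY" "$c" "$suffix" "$tag"
    done
}

# Download every SBOM for the variant into outdir, one file per image.
# Returns non-zero if any download fails or produces an empty file.
n4k_fetch_sboms() {
    variant=$1 tag=$2 outdir=${3:-sboms}
    refs=$(n4k_image_refs "$variant" "$tag") || return $?
    mkdir -p "$outdir" || return 1
    failed=0
    for ref in $refs; do
        name=${ref##*/}; name=${name%%:*}
        out="$outdir/$name-$tag.sbom"
        if COSIGN_REPOSITORY=$N4K_SBOM_REPO cosign download sbom "$ref" >"$out" \
            && [ -s "$out" ]; then
            echo "ok   $ref -> $out"
        else
            echo "FAIL $ref" >&2; rm -f "$out"; failed=1
        fi
    done
    return "$failed"
}

# Usage: sh fetch-sboms.sh fips v1.13.2-n4k.nirmata.2 [outdir]
if [ "$#" -ge 2 ]; then n4k_fetch_sboms "$@"; fi
```

cosign download only retrieves the artifact; checking it against a trusted key or identity is a separate cosign verify step that this guide does not cover.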

Notes

Ensure you have cosign installed and configured before running these commands.

Replace <TAG> with the version tag of the N4K binary you want to fetch, e.g., v1.13.2-n4k.nirmata.2.

Refer to the official documentation for further details on cosign usage and capabilities.