Docker-in-Docker (DinD) capabilities of public runners deactivated. More info

Commit 2f7c8c2a authored by Daniel Jiang's avatar Daniel Jiang
Browse files

Check the tag in isArtifactSigned func

This commit ensures that when CLI is pulling a tag, the content trust middleware check the data in notary to ensure the particular tag is signed, not only the digest.
Signed-off-by: default avatarDaniel Jiang <>
parent 316f0349
......@@ -21,6 +21,9 @@ var (
if err != nil {
return false, err
if len(art.Tag) > 0 {
return checker.IsTagSigned(art.Tag, art.Digest), nil
return checker.IsArtifactSigned(art.Digest), nil
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment