cosign download sbom fails when the remote image is absent #2603
Description
Description
This is related to #1905
Currently, when trying to download a sbom attached to an image via a digest, it fails trying to look up for the original image.
Error;
Error: entity not found in registry
main.go:46: error during command execution: entity not found in registry
Ideally, this command shouldn't go look up to see if the image really exists.
What I am trying to do;
1 - build an image locally
2 - get its digest
3 - call cosign sign repo@digest and sign the image at remote
4 - call cosign attach sbom repo@digest --sbom <path>
5 - call cosign download sbom repo@digest (for verifying purposes)
6 - push the image
Version
______ ______ _______. __ _______ .__ __.
/ | / __ \ / || | / _____|| \ | |
| ,----'| | | | | (----`| | | | __ | \| |
| | | | | | \ \ | | | | |_ | | . ` |
| `----.| `--' | .----) | | | | |__| | | |\ |
\______| \______/ |_______/ |__| \______| |__| \__|
cosign: A tool for Container Signing, Verification and Storage in an OCI registry.
GitVersion: 1.8.0
GitCommit: 9ef6b207218572b3257a5b4251418d75569baaae
GitTreeState: "clean"
BuildDate: 2022-04-27T13:40:34Z
GoVersion: go1.18.1
Compiler: gc
Platform: darwin/arm64