Description

The command cosign dockerfile verify ./Dockerfile works great if a Dockerfile contains literal image names but not for anything else.

I'd like the two following methods to be supported

1. resolve from variable

ARG IMAGE=myimage:mytag
FROM $IMAGE

(ARG or ENV)

2. image in COPY

COPY --from=myimage:mytag /etc/passwd /etc/passwd

/assign