From f1a632a207e307d2cc953feca1c8bd08bc2cd482 Mon Sep 17 00:00:00 2001
From: Adam Martin
Date: Fri, 24 Oct 2025 17:07:49 -0400
Subject: [PATCH] update for cosign v3 verify (#469)
Signed-off-by: Adam Martin
Co-authored-by: Zack Brady
---
 pkg/cosign/cosign.go | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/pkg/cosign/cosign.go b/pkg/cosign/cosign.go
index 92932a1..8f0ac7b 100644
--- a/pkg/cosign/cosign.go
+++ b/pkg/cosign/cosign.go
@@ -23,8 +23,9 @@ func VerifySignature(ctx context.Context, s *store.Layout, keyPath string, useTl
 l := log.FromContext(ctx)
 operation := func() error {
 v := &verify.VerifyCommand{
- KeyRef: keyPath,
- IgnoreTlog: true, // Ignore transparency log by default.
+ KeyRef: keyPath,
+ IgnoreTlog: true, // Ignore transparency log by default.
+ NewBundleFormat: true,
 }
 // if the user wants to use the transparency log, set the flag to false
@@ -52,7 +53,7 @@ func VerifyKeylessSignature(ctx context.Context, s *store.Layout, identity strin
 certVerifyOptions := options.CertVerifyOptions{
 CertOidcIssuer: oidcIssuer,
- CertOidcIssuerRegexp: oidcIssuer,
+ CertOidcIssuerRegexp: oidcIssuerRegexp,
 CertIdentity: identity,
 CertIdentityRegexp: identityRegexp,
 CertGithubWorkflowRepository: ghWorkflowRepository,
@@ -62,6 +63,7 @@ func VerifyKeylessSignature(ctx context.Context, s *store.Layout, identity strin
 CertVerifyOptions: certVerifyOptions,
 IgnoreTlog: false, // Ignore transparency log is set to false by default for keyless signature verification
 CertGithubWorkflowRepository: ghWorkflowRepository,
+ NewBundleFormat: true,
 }
 // if the user wants to use the transparency log, set the flag to false
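Review bot: `NewBundleFormat: true` is hard-coded in the `verify.VerifyCommand` literal in VerifySignature, and again in VerifyKeylessSignature in the third hunk, with no comment and no visible fallback. If cosign only looks for the new bundle layout when this field is set (worth confirming against the cosign v3 release in use), content in an existing store that was signed in the older format would stop verifying after the upgrade, and an operator who hits that failure may be tempted to skip verification altogether. I would add a comment such as `// cosign v3 bundle format; signatures produced by older cosign releases may need re-signing (confirm)` and a test that verifies a legacy-signed artifact. Both function bodies start and end outside the hunks, so any fallback elsewhere is not visible here.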
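Review bot: With `CertOidcIssuerRegexp: oidcIssuerRegexp` the caller's pattern now reaches cosign unchanged, and nothing in this hunk validates or anchors it or `identityRegexp`. As far as I know cosign matches these patterns unanchored, so a pattern without `^` and `$` would also accept any issuer or identity that merely contains a match; that is worth confirming and then stating in the function's doc comment, e.g. `// oidcIssuerRegexp and identityRegexp are regular expressions; anchor them with ^ and $ to avoid partial matches`. The function signature and whatever decides the outcome when both the exact value and the regexp are set lie outside the hunk, so I cannot tell whether that combination is rejected.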