From 171b9bc8dfe5553f8482f3305c39e7561aeaed3c Mon Sep 17 00:00:00 2001
From: Klaus Hartl <klaus.hartl@digitalservice.bund.de>
Date: Wed, 3 Apr 2024 13:17:19 +0200
Subject: [PATCH] Fix documented cosign command

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index d1a1384..a2ffc4d 100644
--- a/README.md
+++ b/README.md
@@ -137,7 +137,7 @@ Container images in the registry are [signed with keyless signatures](https://gi
 **To verify an image**:
 
 ```bash
-cosign verify "ghcr.io/digitalservicebund/kotlin-application-template:$(git log -1 origin/main --format='%H')"
+cosign verify "ghcr.io/digitalservicebund/kotlin-application-template:$(git log -1 origin/main --format='%H')" --certificate-identity="https://github.com/digitalservicebund/kotlin-application-template/.github/workflows/pipeline.yml@refs/heads/main" --certificate-oidc-issuer="https://token.actions.githubusercontent.com"
 ```
 
 If you need to push a new container image to the registry manually there are two ways to do this: