add authentication to remote descriptor retrieval in fetchAttestationsForReference

refoo0 · refoo0 · commit 4dd9e6b6f32a · 2026-04-22T17:21:57.000+02:00
Signed-off-by: rafi &lt;refaei.shikho@hotmail.com&gt;
diff --git a/cmd/devguard-scanner/scanner/discover.go b/cmd/devguard-scanner/scanner/discover.go
@@ -21,6 +21,7 @@ import (
 	"encoding/json"
 	"fmt"
 
+	"github.com/google/go-containerregistry/pkg/authn"
 	"github.com/google/go-containerregistry/pkg/name"
 	"github.com/google/go-containerregistry/pkg/v1/remote"
 	"github.com/pkg/errors"
@@ -34,7 +35,7 @@ type AttestationFileLine struct {
 }
 
 func fetchAttestationsForReference(ctx context.Context, ref name.Reference) ([]oci.Signature, error) {
-	desc, err := remote.Get(ref, remote.WithContext(ctx))
+	desc, err := remote.Get(ref, remote.WithContext(ctx), remote.WithAuthFromKeychain(authn.DefaultKeychain))
 	if err != nil {
 		return nil, errors.Wrap(err, "failed to get remote descriptor")
 	}
@@ -63,6 +64,7 @@ func fetchAttestationsForReference(ctx context.Context, ref name.Reference) ([]o
 			sigsPerPlatform, err := ociremote.Signatures(attRef,
 				ociremote.WithRemoteOptions(
 					remote.WithContext(ctx),
+					remote.WithAuthFromKeychain(authn.DefaultKeychain),
 				),
 			)
 			if err != nil {
@@ -83,6 +85,7 @@ func fetchAttestationsForReference(ctx context.Context, ref name.Reference) ([]o
 		sigsSingle, err := ociremote.Signatures(attRef,
 			ociremote.WithRemoteOptions(
 				remote.WithContext(ctx),
+				remote.WithAuthFromKeychain(authn.DefaultKeychain),
 			),
 		)
 		if err != nil {
