From 7a4c4df792f58a491b3872c49a4919c02c21b8ec Mon Sep 17 00:00:00 2001
From: Cody Soyland
Date: Wed, 6 Nov 2024 16:02:14 -0500
Subject: [PATCH] Filter by bundle artifact type

Signed-off-by: Cody Soyland
---
 pkg/cosign/verify.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/pkg/cosign/verify.go b/pkg/cosign/verify.go
index f4a0e2c389e..8b58af5c674 100644
--- a/pkg/cosign/verify.go
+++ b/pkg/cosign/verify.go
@@ -1551,6 +1551,12 @@ func getBundles(_ context.Context, signedImgRef name.Reference, co *CheckOpts) (
 }
 var bundles = make([]*sgbundle.Bundle, 0, len(index.Manifests))
 for _, result := range index.Manifests {
+ if !strings.HasPrefix(result.ArtifactType, "application/vnd.dev.sigstore.bundle") {
+ continue
+ }
+ // TODO: We could filter by PredicateType here, but we'd need to thread
+ // the predicate type from the CLI flag to this function (we could add
+ // it to CheckOpts perhaps?)
 st, err := name.ParseReference(fmt.Sprintf("%s@%s", digest.Repository, result.Digest.String()))
 if err != nil {
 return nil, nil, err
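Review bot: The new `strings.HasPrefix(result.ArtifactType, "application/vnd.dev.sigstore.bundle")` check at the top of the loop matches on a bare string literal, and nothing in the hunk says why a prefix is used rather than an exact comparison. I would lift the literal into a named constant with a comment, for example `const sigstoreBundleArtifactTypePrefix = "application/vnd.dev.sigstore.bundle" // prefix so that every versioned bundle media type matches`. I would also add a line above the `continue` saying that `ArtifactType` is metadata taken from the index returned by the registry and is used only to skip unrelated entries, so it must not be read as evidence that the bundle is valid. Because non-matching manifests are now skipped silently, it is worth confirming that the code after the loop, which is outside this hunk, reports an error when `bundles` ends up empty instead of returning an empty slice. getBundles starts and ends outside the hunk.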