Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add tssc concept to build #5

Open
raffaelespazzoli opened this issue Apr 26, 2022 · 3 comments
Open

add tssc concept to build #5

raffaelespazzoli opened this issue Apr 26, 2022 · 3 comments
Assignees
@sabre1041

Comments

@raffaelespazzoli
Copy link
Owner

  • decide on the tooling. Not sure what goes here, but there will be a need for an evidence/attestation wharehouse and a policy enforcer. I'd like to use sigstore and kiverno if they fit the bill.
  • deploy the tooling. using gitops
  • enhance the pipeline to use the tooling
  • implement one policy to prove the concept, possibly an image signature verification.
@BillBensing
Copy link

We can start here -> https://github.com/ploigos-automated-governance/1-demo/blob/main/README.md

@BillBensing
Copy link

I can walk through how I think the implementation should look like.

@raffaelespazzoli
Copy link
Owner Author

as a first step, can we discuss what tools we need and how they are going to interact? Let's say for now that we want to sign images. and allow only signed images to be ran.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sabre1041 sabre1041

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@sabre1041 @raffaelespazzoli @BillBensing