Feature Request
Proposed by Google, SLSA (Supply Chain Levels for Software Artifacts) is a security framework and a checklist of standards and controls to prevent tampering, improve software supply chain integrity, and secure software packages and infrastructure in projects, businesses or enterprises. It is not a single tool, but a step-by-step outline to prevent artifacts from being tampered with and tampered artifacts from being used, and, at the higher levels, to strengthen the platforms that make up a supply chain. Manufacturers follow the SLSA guidelines to safeguard their software, and users make decisions based on the security status of software packages.
KubeArmor is a security engine; thus it is imperative that it follows all the best practices of the supply chain methods. KubeArmor has already begun the journey by ensuring that the generated container images are signed and can be verified using cosign.
Tasks Involved
Reference
Check how KubeEdge got the SLSA 3 compliance handled and follow a similar strategy.