Skip to content

v0.5.0

Latest
Latest
Compare
Choose a tag to compare
@mxab mxab released this 17 Jan 21:44
· 17 commits to main since this release
v0.5.0
2690891
This commit was signed with the committer’s verified signature.
mxab Max Fröhlich
SSH Key Fingerprint: 6Ts2A4dTW0hB0h+o1E59yBeuDD+ooUVAHRRbKJ///AY Learn about vigilant mode.

What's Changed

This release introduces the first version of the notary projects's image verification via NACP.
It allows either via the notation or OPA validator to verify the signature of the images specified in you job's task config.

Demo

notation-demo.mp4

Opa rule:

errors contains msg if {
	some g, t
	input.TaskGroups[g].Tasks[t].Driver == "docker"
	image := input.TaskGroups[g].Tasks[t].Config.image
	# check
	not notation_verify_image(image)
	msg := sprintf("TaskGroup %d Task %d image is invalid (image %s)", [g, t, image])
}
  • feat(notation): Image verifier by @mxab in #5

Full Changelog: v0.4.1...v0.5.0

Contributors

mxab
Assets 12
Loading