[docs] Verification with sigstore-policy-controller #491

Closed
Tracked by #409
ianlewis opened this issue Jul 5, 2022 · 4 comments · Fixed by #946
Labels
area:container Issue with the generic container generator type:documentation Improvements or additions to documentation type:feature New feature or request

Comments

@ianlewis
Member

ianlewis commented Jul 5, 2022

Document examples using sigstore-policy-controller to verify provenance.

@ianlewis ianlewis added type:documentation Improvements or additions to documentation type:feature New feature or request area:container Issue with the generic container generator labels Jul 5, 2022
@laurentsimon
Collaborator

There's also https://github.com/sigstore/cosign-gatekeeper-provider for gatekeeper, but it seems the gatekeeper's feature is in alpha mode.

/cc @developer-guy (maintainer for the repo above)

@ianlewis
Member Author

ianlewis commented Jul 7, 2022

> There's also https://github.com/sigstore/cosign-gatekeeper-provider for gatekeeper, but it seems the gatekeeper's feature is in alpha mode.
>
> /cc @developer-guy (maintainer for the repo above)

I wonder if this supports writing policy against the provenance. At first glance it looks like it just verifies signatures?

@laurentsimon
Collaborator

laurentsimon commented Jul 7, 2022

It's up to us to implement it, so we could make the plugin call our SLSA verifier once we have an API available for it.
/cc @asraa

@laurentsimon
Collaborator

@developer-guy would you happen to know someone who is versed in https://docs.sigstore.dev/policy-controller/overview and could give us a hand with a policy example?

Basically, we want to show how to verify our SLSA provenance with a policy.
