-
Notifications
You must be signed in to change notification settings - Fork 49
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SLSA verifier as a service #163
Comments
It would also be beneficial for a service to have a configuration of options: e.g. if we have a stable service, we can more easily pin a trust root for the sigstore signing service (e.g. a hosted sigstore ecosystem). Moreover, we can do things like enforce certain properties of builds with a service configuration rather than CLI options |
yep I agree having option will be useful. I was thinking it could even be aligned with #158? Do you see use cases where the service and the CLI would significantly differ? I was thinking we could try to have them be more-or-less the same interface. That improves usability for a user who first tries the service, then wants to use the CLI and vice-versa. I would not say this is a hard constraint, though, but it'd be nice. Was that the sort of configuration you had in mind; or something different? |
If we actually go through with creating a service, I wonder if it would make sense to define the service using grpc and expose it as a JSON service through grpc-gateway. |
To make the verifier accessible to everyone easily, we could have a REST/gRPC API to verify as a service.
Possible use cases:
The text was updated successfully, but these errors were encountered: