Collect hashes of local and remote resources #32

mikhailswift · 2021-09-08T20:26:52Z

Currently hashes are being collected for some resources but not all. This should be expanded to include all images, helm charts, files, etc. When resources are fetched from a remote hashes should be confirmed with the remote registry after pull. These hashes should then be verified prior to deploying a zarf package.

This likely will be a sub-task of #22

JasonvanBrackel · 2022-09-15T12:43:04Z

Possibly a subtask of #23

jeff-mccoy · 2023-01-12T06:37:23Z

Stale issue, closing.

jeff-mccoy added the sbom Software Bill of Materials label Sep 11, 2021

RothAndrew added this to the sbom milestone Feb 4, 2022

jeff-mccoy added the packager label Feb 26, 2022

jeff-mccoy modified the milestones: sbom, Zarf GA Mar 7, 2022

jeff-mccoy added sbom Software Bill of Materials and removed sbom Software Bill of Materials labels Jun 29, 2022

jeff-mccoy removed this from the Zarf GA milestone Jun 29, 2022

JasonvanBrackel mentioned this issue Sep 15, 2022

Implement cryptographic validation of all payload and metadata in a zarf package #23

Closed

jeff-mccoy closed this as completed Jan 12, 2023

alinalex1392 mentioned this issue Aug 31, 2023

zarf prepare find-images does not break if any of the valueFiles of the helm charts are invalid #1999

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Collect hashes of local and remote resources #32

Collect hashes of local and remote resources #32

mikhailswift commented Sep 8, 2021 •

edited

Loading

JasonvanBrackel commented Sep 15, 2022

jeff-mccoy commented Jan 12, 2023

Collect hashes of local and remote resources #32

Collect hashes of local and remote resources #32

Comments

mikhailswift commented Sep 8, 2021 • edited Loading

JasonvanBrackel commented Sep 15, 2022

jeff-mccoy commented Jan 12, 2023

mikhailswift commented Sep 8, 2021 •

edited

Loading