  1. OpenShift Container Platform (OCP) Strategy
  2. OCPSTRAT-453

Sigstore runtime validation support in OpenShift


    • Feature
    • Resolution: Unresolved
    • Normal
    • Core, Node

      Executive Summary

      Image and artifact signing is a key part of a DevSecOps model. The Red Hat-sponsored sigstore project aims to simplify signing of cloud-native artifacts and sees increasing interest and uptake in the Kubernetes community. This document proposes to incrementally invest in OpenShift support for sigstore-style signed images and be public about it. The goal is to give customers a practical and scalable way to establish content trust. It will strengthen OpenShift’s security philosophy and value-add in the light of the recent supply chain security crisis.

       

      CRI-O

      1. Support customer image validation
      2. Support OpenShift release image validation

      https://docs.google.com/document/d/12ttMgYdM6A7-IAPTza59-y2ryVG-UUHt-LYvLw4Xmq8/edit# 

       

       

            gausingh@redhat.com Gaurav Singh
            gausingh@redhat.com Gaurav Singh
            Miloslav Trmač, Qi Wang, Sascha Grunert
            Aruna Naik
            Matthew Werner
            Mrunal Patel
            Derrick Ornelas