  1. OpenShift Container Platform (OCP) Strategy
  2. OCPSTRAT-453

Dev P in 4.16 Re-validation of sigstore signed image at cluster level


    • Strategic Product Work
    • False
    • False
    • 0% To Do, 0% In Progress, 100% Done
    • 0
    • Program Call

      Executive Summary

      Image and artifact signing is a key part of a DevSecOps model. The Red Hat-sponsored sigstore project aims to simplify signing of cloud-native artifacts and sees increasing interest and uptake in the Kubernetes community. This document proposes to incrementally invest in OpenShift support for sigstore-style signed images and be public about it. The goal is to give customers a practical and scalable way to establish content trust. It will strengthen OpenShift’s security philosophy and value-add in the light of the recent supply chain security crisis.

       

      CRI-O

      1. Support customer image validation
      2. Support OpenShift release image validation

      https://docs.google.com/document/d/12ttMgYdM6A7-IAPTza59-y2ryVG-UUHt-LYvLw4Xmq8/edit# 

       

       

              gausingh@redhat.com Gaurav Singh
              gausingh@redhat.com Gaurav Singh
              Miloslav Trmač, Qi Wang, Sascha Grunert
              Aruna Naik
              Matthew Werner
              Mrunal Patel
              Derrick Ornelas