Uploaded image for project: 'OpenShift Pipelines'
  1. OpenShift Pipelines
  2. SRVKP-3815

R&D Figure out how to include tests as part of attestations

XMLWordPrintable

    • Icon: Epic Epic
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • None
    • Tekton Ecosystem
    • R&D Figure out how to include tests as part of attestations
    • False
    • None
    • False
    • To Do
    • 100% To Do, 0% In Progress, 0% Done

      Linked to https://issues.redhat.com/browse/TKNECO-99, we want to enforce that tests ran on the tekton resource we pulled. Running tests for all task we pull doesn't scale, so we need to be able to trust tests were ran (and successfull)

      This seems to be possible with in-toto: https://github.com/in-toto/attestation/blob/main/spec/predicates/test-result.md.

      We need to figure out how we could generate those and validate them.

              vdemeest Vincent Demeester
              vdemeest Vincent Demeester
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: