Chitrang Patel
A lot of these should apply as is to the new provenance type as well. We haven't verified that though. It might be worth trying if storing the provenance...
Thank you for reporting that! I've checked that off the list.
/assign @lcarva
The SLSA1.0 predicate for chains is designed [here](https://docs.google.com/document/d/1ewqtPXyg_y3MmU6Tc6l1X8nfzjt0AJHlP6VOnFsGNpQ/edit). TL;DR: 1. We will store the entire `pipelinerun/taskrun` spec in `externalParameters`. This means that for `fully-embedded tasks and pipelines` you have most...
Thanks @joejstuart for that example. Some more thoughts: Do you want this predicate type to look exactly like above or have a more SLSA v1.0 like layout? i.e. Move some...
My only friction with putting everything in one place is that it goes against the guidelines suggested by SLSA. I totally see the value in having it all in one...
Created an issue https://github.com/tektoncd/chains/issues/834 to deal with pipelineSpec and taskSpec in resolved dependencies.
Thanks @wlynch! I think splitting this up makes a lot of sense. I like the fact that cluster operators can choose not to run the userspace controller. 👍 from me.
cc @wlynch @lcarva @joejstuart @chuangw6