Fabian Kammel
Fabian Kammel
I will start with a PoC on this one. I will add functionality to register hooks with the proposed `gittuf add-hooks`. What's the rationale behind creating a RSL entry when...
I would agree, @spectre10, I think having continuous verification using hooks or CI would be great. An important detail is that server-side hooks are only supported on GitHub Enterprise and...
> Do this happen consistently? Yes. > Did you try manually cleaning up the SG to see why it was failing? I did. The setup is as follows: Let's call...
@mythi pointed me in your direction I am currently drafting a blog post about confidential computing for the CNCF blog. I will present it on Thursday in sig security docs....
I have opened the PR for the blog post in https://github.com/kubernetes/website/pull/38973 Let me know if you have some input for the blog post or would like to re-use some of...
After playing around with `gittuf` for a day now and having a think about the required verbs, I am not convinced someone would actually need `gittuf` to be a drop-in...
Just ran into this issue that I was not able to cast from my Android app to Chromecast, since the app was configured to use http://jellyfin.home, after reconfiguring app to...
I just integrated the generator into a project that is also using Renovate with the pinning rule enforced. Manual overwrite for slsa generator package would look like this: ```json "packageRules":...
Thanks for the quick response @laurentsimon. I put together a quick PR. What do you think? > How about linking to your renovatebot config in the generator repo Do you...
The [sigstore/sigstore](https://github.com/sigstore/sigstore) project can be used to programmatically check signatures. We already depend on it in [internal/sigstore/verify.go](https://github.com/edgelesssys/constellation/blob/39f51573ad8533ac444824e74bce4119e459272b/internal/sigstore/verify.go#L23). Maybe you can use or adapt the code that is there?