policy-controller icon indicating copy to clipboard operation
policy-controller copied to clipboard

Published 20 hours ago verified publisher icon sigstore

Add support for slsa provenance verification

Open hectorj2f opened this issue 2 years ago • 3 comments

Description

We need to explore how to verify the existence of SLSA provenance attached to container images. It is currently possible to inspect SLSA attestations however this could be simplified by using the slsa-provenance-verifier.

hectorj2f avatar Feb 22 '23 10:02 hectorj2f

Hi @hectorj2f, by slsa-provenance-verifier, are you referring to this: https://github.com/slsa-framework/slsa-verifier?

rakshitgondwal avatar Oct 18 '24 16:10 rakshitgondwal

/assign @haydentherapper is this still open ?

Horiodino avatar Feb 15 '25 15:02 Horiodino

Hey, I'm not a maintainer on policy-controller, but I think this is intertwined with ongoing work from @codysoyland already.

haydentherapper avatar Feb 18 '25 18:02 haydentherapper