pipeline icon indicating copy to clipboard operation
pipeline copied to clipboard

Published 20 hours ago verified publisher icon tektoncd

Create in-toto attestations based on the Pipeline definition

Open hectorj2f opened this issue 3 years ago • 3 comments

Feature request

An in-toto layout defines the steps of your software supply chain that you carry out in order to write, test, package and distribute your software. I feel the Tekton Pipeline could create an attestation with all the tasks defined in a Pipeline. This can be used to ensure the integrity of the triggered pipeline.

Use case

When creating a Pipeline, you could create an in-toto attestation to ensure the Pipeline steps have been all executed successfully.

hectorj2f avatar May 14 '22 06:05 hectorj2f

/kind question

hectorj2f avatar May 14 '22 06:05 hectorj2f

Issues go stale after 90d of inactivity. Mark the issue as fresh with /remove-lifecycle stale with a justification. Stale issues rot after an additional 30d of inactivity and eventually close. If this issue is safe to close now please do so with /close with a justification. If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.

/lifecycle stale

Send feedback to tektoncd/plumbing.

tekton-robot avatar Aug 12 '22 07:08 tekton-robot

Stale issues rot after 30d of inactivity. Mark the issue as fresh with /remove-lifecycle rotten with a justification. Rotten issues close after an additional 30d of inactivity. If this issue is safe to close now please do so with /close with a justification. If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.

/lifecycle rotten

Send feedback to tektoncd/plumbing.

tekton-robot avatar Sep 11 '22 07:09 tekton-robot

Rotten issues close after 30d of inactivity. Reopen the issue with /reopen with a justification. Mark the issue as fresh with /remove-lifecycle rotten with a justification. If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.

/close

Send feedback to tektoncd/plumbing.

tekton-robot avatar Oct 11 '22 07:10 tekton-robot

@tekton-robot: Closing this issue.

In response to this:

Rotten issues close after 30d of inactivity. Reopen the issue with /reopen with a justification. Mark the issue as fresh with /remove-lifecycle rotten with a justification. If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.

/close

Send feedback to tektoncd/plumbing.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

tekton-robot avatar Oct 11 '22 07:10 tekton-robot