John Kjell
Description: what's your idea? Impact: Describe the customer impact of the problem. Who will this help? How will it help them? Help grow community interest and participation in all aspects...
Update GHA triggers to fine tune for code changes vs other updates
Change to group dependency updates per ecosystem (GHA, go-mod)
## What this PR does / why we need it Add a SLSA & Link Attestor with an option to export them to their own attestations. ## Acceptance Criteria Met...
Today, attestors are limited to one run during one lifecycle stage. It will be useful to run the same attestor during different points to collect additional information. Example: I'd like...
**What steps did you take and what happened:** When using a policy with `artifactsFrom` for two or more attestations using only the products and materials attestors (or any other combination...
Add a new link attestor and the ability to return multiple signed attestations with the `RunWithExports` function.
Achieve a score of 💯 on [CLOMonitor](https://clomonitor.io/projects/cncf/in-toto#go-witness) Remaining Tasks: - [ ] Dependency Policy - [ ] SBOM - [ ] Security Insights file - [ ] Token Permissions
The results of our task can be seen here: https://hush-house.pivotal.io/teams/PE/pipelines/kibosh/jobs/delete-gke-cluster-and-registry-images/builds/1. Our pipeline creates and deletes a GKE cluster using our service account key provided. On our delete step, we forgot...
**Description** It would be awesome to see the results of policy-controller admissions recorded on affected objects. There's a great example from [Tekton Chains](https://github.com/tektoncd/chains/blob/main/docs/tutorials/signed-provenance-tutorial.md#verifying-the-image-and-attestation) where they record helpful metadata: ``` kubectl...