policy-controller
**Description** Policy-Controller currently supports verification of attestations/signatures generated using `cosign sign`/`cosign attest`, which attach signatures/attestations using the process described in the [Cosign Signature Specification](https://github.com/sigstore/cosign/blob/main/specs/SIGNATURE_SPEC.md#storage). In summary, this signature attachment scheme...
#### Summary When using `policy-tester`, I noticed the tool always output debug level logging. I added an optional `log-level` flag that will default to Info level logging. I also updated...
Bumps [github.com/hashicorp/go-retryablehttp](https://github.com/hashicorp/go-retryablehttp) from 0.7.5 to 0.7.6. Changelog Sourced from github.com/hashicorp/go-retryablehttp's changelog. 0.7.6 (May 9, 2024) ENHANCEMENTS: client: support a RetryPrepare function for modifying the request before retrying (#216) client: support...
**Description** Make policy-controller configurable to only consider pods, not higher level resources. ### Use case We are using a continuous reconciliation (GitOps) solution, Flux, to maintain cluster state. The mutation...
**Description** Hey folks, I'm struggling to get this working in an Azure Kubernetes Service cluster. Here's what I've done up to this point, and would love any info you can...
**Description** Based on clusterImagePolicy API, it has options to accept key, keyless authority. Can we also support non-identity based cert as verifier to verify signatures, such as https://github.com/sigstore/cosign/blob/main/cmd/cosign/cli/verify/verify.go#L239-L268
I have installed policy-controller pod and it's running and in ready status: Then created TrustRoot and CIP successfully: The issue when I'm trying to run kubectl get CIP...
I'm using a managed version of service mesh in GKE, Anthos Service Mesh. The managed service mesh injects envoy sidecars and references the containers by tag, not with a sha....
Hey! I think by mistake no image digest is not entirely clear what is meant, so it’s better to add to the message that perhaps this image does not exist...
While testing ClusterImagePolicy, getting the following error. Image is already signed with cosign. Get "https://xxxxxx.com/v2/": tls: failed to verify certificate: x509: certificate signed by unknown authority. Appreciate any suggestions to fix...