connaisseur

An admission controller that integrates Container Image Signature Verification into a Kubernetes cluster

Results 117 connaisseur issues

Updates the requirements on [setuptools](https://github.com/pypa/setuptools) to permit the latest version. Changelog Sourced from setuptools's changelog. v63.4.3 Misc ^^^^ #3496: Update to pypa/distutils@b65aa40 including more robust support for library/include dir handling...

dependencies
python

Updates the requirements on [flask](https://github.com/pallets/flask) to permit the latest version. Release notes Sourced from flask's releases. 2.2.2 This is a fix release for the 2.2.0 feature release. Changes: https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-1 Milestone:...

dependencies
python

**Describe the feature** Currently, when parsing the Global Unique Name (GUN), when no registry is provided, the `docker.io` registry is defaulted and added as `registry` when building the `Image` class....

enhancement

Fixes #141 ## Description - adds support for cosign keyless signatures via OIDC :warning: WIP Notes: - integration test should be added - requires specification of rekor root cert and...

### Discussed in https://github.com/sse-secure-systems/connaisseur/discussions/691 Originally posted by **albertovmware** June 17, 2022 I think that it could be good to block unsigned images in a specific namespace and use detection mode...

enhancement

**Describe the bug** Prometheus cannot connect to `/metrics` HTTPS endpoint, throws "cannot validate certificate because it doesn't contain any IP SANs" **Expected behavior** Prometheus can connect to `/metrics` HTTPS endpoint....

**Describe the feature** We frequently see connaisseur errors due to transient Docker Hub failures. It would be helpful if we could configure a retry limit for cosign, to minimize disruption...

enhancement

**Describe the bug** Both MutatingWebhookConfiguration seem to have the same name ({{ .Chart.Name }}-webhook) https://github.com/sse-secure-systems/connaisseur/blob/master/helm/templates/certificate_webhook-conf.yaml **Expected behavior** Different names for https://github.com/sse-secure-systems/connaisseur/blob/master/helm/templates/certificate_webhook-conf.yaml#L20 and https://github.com/sse-secure-systems/connaisseur/blob/master/helm/templates/certificate_webhook-conf.yaml#L51 or only one definition for MutatingWebhookConfiguration

Community Attestation Service integration ## Description Adds possibility to run CAS as signing solution. Currently works with images that have SHA256 digest ## Checklist - [x] PR is rebased to/aimed...

**Describe the feature** cosign error parsing has been growing over time and should be handled in a dedicated function with proper testing: https://github.com/sse-secure-systems/connaisseur/blob/master/connaisseur/validators/cosign/cosign_validator.py#L123

gofix