Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Generate SLSA3 provenance for all Flux components #3994

Closed
9 tasks done
stefanprodan opened this issue Jun 21, 2023 · 0 comments
Closed
9 tasks done

Generate SLSA3 provenance for all Flux components #3994

stefanprodan opened this issue Jun 21, 2023 · 0 comments
Assignees
@stefanprodan
Labels
area/ci CI related issues and pull requests area/security Security related issues and pull requests umbrella-issue Umbrella issue for tracking progress of a larger effort
Milestone
GitOps GA

Comments

@stefanprodan
Copy link
Member

stefanprodan commented Jun 21, 2023
edited
Loading

All the GitOps Toolkit controllers and the Flux CLI should make use of the SLSA GitHub Generator at release time for generating non-forgeable SLSA provenance on GitHub that meets the provenance generation and isolation requirements for SLSA Build level 3 and above.

Generators:

  • generator_generic_slsa3 for the release assets (binaries, SBOMs, source code)
  • generator_container_slsa3 for the multi-arch container images (DockerHub and GHCR)

Add the SLSA3 generators to the following release workflows:

  • source-watcher
  • source-controller
  • kustomize-controller
  • notification-controller
  • helm-controller
  • image-reflector-controller
  • image-automation-controller
  • flux2
  • terraform-provider-flux
@stefanprodan stefanprodan added area/ci CI related issues and pull requests area/security Security related issues and pull requests umbrella-issue Umbrella issue for tracking progress of a larger effort labels Jun 21, 2023
@stefanprodan stefanprodan self-assigned this Jun 21, 2023
This was referenced Jun 21, 2023
Merged
Merged
Merged
Merged
Merged
Merged
Merged
Merged
@stefanprodan stefanprodan added this to the GitOps GA milestone Jun 22, 2023
@stefanprodan stefanprodan mentioned this issue Jun 23, 2023
Merged
@stefanprodan stefanprodan changed the title Generate SLSA3+ provenance for all Flux components Generate SLSA3 provenance for all Flux components Jun 23, 2023
This was referenced Jun 23, 2023
Merged
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@stefanprodan stefanprodan

Labels
area/ci CI related issues and pull requests area/security Security related issues and pull requests umbrella-issue Umbrella issue for tracking progress of a larger effort
Projects
None yet
Milestone
GitOps GA
Development

No branches or pull requests
1 participant
@stefanprodan