-
## Is your feature request related to a problem? Please describe
Currently a JWT is used to identify a user, but in the case of shared workspaces some JWTs may be accessible to other authorised use…
-
It would be nice to have a predicate that could indicate the security posture of a given commit from a source control system.
Specifically it would be nice to be able to convey the requirements of …
-
Currently, if a certificate is private or self signed fulcio will require the following. `oc set env -n fulcio-system deployment/fulcio-server SSL_CERT_DIR=/var/run/fulcio`
We need to try to see…
-
When the configuration update happen the underlying secret or configmap will be updated and the running pod should be eventually updated as well (see https://kubernetes.io/docs/concepts/configuration/…
-
## Background
https://github.com/C2SP/C2SP/blob/main/signed-note.md defines the specification for a signed note, which is the format of a [checkpoint](https://github.com/C2SP/C2SP/blob/main/tlog-ch…
-
Based on the discussion about [verifying the SET](https://github.com/sigstore/rekor/issues/1943#issuecomment-1968352634), I'm opening this issue to add a canonicalized RekorBundle to the TLE, to be us…
-
# Motivation
It is not always possible to look inside executables and report accurate information on their contents and dependencies. This information is accessible at the build time of executables, …
-
If an install is deleted before completing the create tree / admin server piece runs indefinitely and stops other installations from occuring
```
I0228 19:31:31.535384 1 admin.go:50] CreateT…
-
**Description**
The tuf-secret-copy-job could not patch the secrets that already exist.
Chart version: `v0.6.46`
```shell
Warning: resource secrets/fulcio-server-secret is missing the kubect…
-
We have specific resource for each component:
- [Fulcio](https://github.com/securesign/secure-sign-operator/blob/main/api/v1alpha1/fulcio_types.go#L11)
- [Rekor](https://github.com/securesign/secure…