feat(docs)[SEC-1129]: SLSA security feature docs for inso and insomnia artifacts

Kong / insomnia-docs

This repository houses all Insomnia documentation.

https://docs.insomnia.rest

35 stars 68 forks source link

feat(docs)[SEC-1129]: SLSA security feature docs for inso and insomnia artifacts #211

Closed saisatishkarra closed 4 months ago

saisatishkarra commented 4 months ago

Summary

Image Signature verification for Inso docker images
Software bill of materials for binaries and image artifacts
Provenance for binaries and image artifacts

Reason

https://konghq.atlassian.net/browse/SEC-1129

Testing

vercel[bot] commented 4 months ago

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
insomnia-docs	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Jun 24, 2024 3:50pm

CLAassistant commented 4 months ago

All committers have signed the CLA.

saisatishkarra commented 4 months ago

@filfreire i see the below action items:

Need official tag for insomnia / Inso repo to move to review from draft
Replace 9.3.0-beta.4 and channel=beta with latest/official and stable tags
Is this PR change on insomnia-api deployed? The URLs with app=com.insomnia.inso&channel=beta is still pointing to lib@ (old version) instead of core@ (new unified GH version) for inso packages. Can you please confirm if this is working / provide a different release tag with these API changes?

@filfreire / @jackkav Please review the PR and assist with failing docker build step! Thx in advance

saisatishkarra commented 4 months ago

Screenshot 2024-06-24 at 11 00 53 AM

@jackkav seems the bundle install is failing due to the error above when tried to reproduce it locally. Seems it needs lockfile for the bundle to download 4.3.0 jekyll

filfreire commented 4 months ago

We'll remove docker build in a follow-up PR, does not block merging this one