OWASP / DevSecOpsGuideline

The OWASP DevSecOps Guideline can help us embed security as a part of the development pipeline.
https://owasp.org/www-project-devsecops-guideline/

Provenance #86

Open sergiomarotco opened 1 month ago

sergiomarotco commented 1 month ago

Add steps with provenance generation on Build and a provenance check on Deploy.

Ali-Yazdani commented 1 month ago

Hi @sergiomarotco, can you explain a bit more?

mostafa commented 1 month ago

I think this explains it nicely, although this might not be what @sergiomarotco intended. https://docs.docker.com/build/ci/github-actions/attestations/

sergiomarotco commented 1 month ago

Yes, that's exactly what we're talking about.

Ali-Yazdani commented 4 weeks ago

OK, got it, thanks for sharing. Sounds good. Who wants to add this? @mostafa, @sergiomarotco, or both?

Feel free to open a pull request.