buildsec / frsca

https://buildsec.github.io/frsca
Apache License 2.0

Add support for policy-controller #407

Closed sudo-bmitch closed 1 year ago

sudo-bmitch commented 1 year ago

This extends the work from #436 and #437 (or rather they were pulled out from this PR to make reviewing it easier). This adds an alternate option for the admission controller using sigstore/policy-controller. It's currently verifying the build attestation and signature, but support to verify the SBOM isn't working yet.

stale[bot] commented 1 year ago

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs. Thank you for your contribution!

sudo-bmitch commented 1 year ago

I'm curious what direction we want to go with this? I think we have the following options:

  1. Abandon it and stick with kyverno since we have server side apply working.
  2. Continue to develop it with more policies.
  3. Add it, but only as an option and not as the default admission controller that we support.

stale[bot] commented 1 year ago

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs. Thank you for your contribution!

sudo-bmitch commented 1 year ago

Still looking for feedback/direction on this.

pxp928 commented 1 year ago

> Still looking for feedback/direction on this.

I vote for option 3. The more support we have for other policy engines the better.

stale[bot] commented 1 year ago

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs. Thank you for your contribution!

stale[bot] commented 1 year ago

This pull request has been automatically closed because there has been no activity for 28 days. Please feel free to reopen it (or open a new one) if the proposed change is still appropriate. Thank you for your contribution!