Open ghost opened 1 year ago
Per https://github.com/shopify/voucher being archived, Shopify is no longer using voucher or involved in this repository. Most, but not all, contributors have been from Shopify: https://github.com/grafeas/voucher/graphs/contributors. We defer a decision about official deprecation to our partners in Google Cloud (e.g. @ooq, _rhdesmond et al).
Shopify replaced Voucher with a system that wraps https://github.com/kyverno/kyverno/ policies to produce binary authorization attestations. We like how other admission controllers provide a general "policy" abstraction for us, so we shifted to wrapping an admission controller to produce our binauthz attestations. We like how this prevents coupling to GKE - we could run the same policies using Kyverno directly as an admission controller.
Our new system is not open source, sorry.
I got to this project following the Google documentation about Binary Authorization: https://cloud.google.com/binary-authorization/docs/creating-attestations-voucher
They mention two options for security vulnerability attestations, Kritis and Voucher. I noticed that Kritis might not be maintained anymore (https://github.com/grafeas/kritis/issues/632).
Is Voucher still maintained?
The README of this project mentions: "Binary authorization uses an admission controller such as Kritis". Does Voucher use Kritis, or are these totally separate?