in-toto / in-toto-jenkins-plugin

A Jenkins plugin to track steps and create in-toto link metadata
MIT License

Add support for provenance attestations #1

Open adityasaky opened 2 years ago

adityasaky commented 2 years ago

What feature do you want to see added?

Currently, the in-toto plugin allows users to easily generate link metadata in pipelines. This plugin should be extended to allow users to generate SLSA provenance attestations, defined at https://slsa.dev/provenance/v0.2. The in-toto-java implementation includes support for SLSA provenance, and can be leveraged by the plugin.

Upstream changes

No response
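For reference, the shape of the attestation requested above, as an added example that is not code from the plugin or from in-toto-java: it builds an unsigned in-toto Statement with a SLSA v0.2 provenance predicate for a build output and shows the consumer-side subject check. The function names, the builder id, the buildType URI and the repository URI are assumptions made up for illustration; signing the statement is out of scope here.

```python
import hashlib
import json

STATEMENT_TYPE = "https://in-toto.io/Statement/v0.1"
PREDICATE_TYPE = "https://slsa.dev/provenance/v0.2"


def build_provenance(name, artifact, builder_id, build_type, repo_uri, commit_sha1, entry_point):
    """Return an in-toto Statement carrying a SLSA v0.2 provenance predicate."""
    source = {"uri": repo_uri, "digest": {"sha1": commit_sha1}}
    return {
        "_type": STATEMENT_TYPE,
        "predicateType": PREDICATE_TYPE,
        # The subject binds the attestation to the exact bytes that were built.
        "subject": [{"name": name, "digest": {"sha256": hashlib.sha256(artifact).hexdigest()}}],
        "predicate": {
            "builder": {"id": builder_id},
            "buildType": build_type,
            "invocation": {"configSource": {**source, "entryPoint": entry_point}},
            "metadata": {
                # Claim only what was actually recorded by the build.
                "completeness": {"parameters": False, "environment": False, "materials": False},
                "reproducible": False,
            },
            "materials": [source],
        },
    }


def subject_matches(statement, name, artifact):
    """Consumer-side check: expected statement/predicate type and a matching subject digest."""
    if statement.get("_type") != STATEMENT_TYPE or statement.get("predicateType") != PREDICATE_TYPE:
        return False
    digest = hashlib.sha256(artifact).hexdigest()
    return any(s.get("name") == name and s.get("digest", {}).get("sha256") == digest
               for s in statement.get("subject", []))


if __name__ == "__main__":
    # Constructed sample values; none of them come from a real Jenkins job.
    stmt = build_provenance("app.jar", b"constructed artifact bytes",
                            "https://jenkins.example.com", "https://example.com/jenkins/pipeline@v1",
                            "git+https://example.com/org/app.git", "0" * 40, "Jenkinsfile")
    print(json.dumps(stmt, indent=2))
    print(subject_matches(stmt, "app.jar", b"tampered bytes"))  # digest mismatch
```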

meetguogengli commented 2 years ago

Hey @adityasaky, I would like to contribute to this issue since GSoC is approaching and the "Add provenance extension to Jenkins plugin" is one of the projects I want to apply for. Can you please help me get started so that I can get familiar with the codebase and other things about the project?

falconcode16 commented 2 years ago

Hello @adityasaky, how is it going? I came across this issue for adding support for provenance attestations, and it got me interested as a potential GSoC project which I am looking to work on. Can we have a conversation to begin with before I submit my proposal?

adityasaky commented 2 years ago

Hey everyone, for GSoC questions, please join the CNCF Slack workspace: https://slack.cncf.io/. Come say hello on #in-toto!

Also, I should warn you that there's one proposal for this task already.