Open PradyumnaKrishna opened 4 months ago
Hi @PradyumnaKrishna , Hi @SantiagoTorres
I just submitted a proposal for this. I would love any last-minute feedback (I can still edit before the deadline) which is in about 7 hours!
Hi @PradyumnaKrishna , this project seems really interesting to me. I have been trying to understand the code since last one week. I would really like to contribute to this project in best possible ways and I'll try my best to contribute as much as possible
To understand this project, you can read sigstore documentation to get started. There is a sigstore java and maven repository which might be useful for this project, try it out as well.
Yes @PradyumnaKrishna , I'll definitely read sigstore documentation to get started. I'll try sigstore java and maven repository as well.
@PradyumnaKrishna Hi, do we need to submit a proposal, like action plan on handling the project, or do we need to do any pre tasks for thw project, before applying?
Hey @PradyumnaKrishna - I believe InTotoRecorder and InTotoWrapper files will be updated, and a new file sigstoreTransport file in transport directory.
KeylessVerifier
, prior to this we add the verification options
I hope I understood the given problem statement.
please help me If I missed any?@PradyumnaKrishna I have applied to contribute to this project under lfx mentorship. I have gone through the sigstore docs and now have a rough idea on how to implement the project, should I include an overview of it in the cover letter or should I explain it somewhere else?
This issue aims to integrate Sigstore support into the in-toto-jenkins plugin.
Description Currently, the In-toto Jenkins plugin requires users to provide either a credential ID or key path for signing the link metadata during the post-build process. The addition of Sigstore in the In-toto Jenkins plugin enables keyless signing and keyless verification of metadata. Enhance the metadata transport capabilities within in-toto-jenkins by introducing a Sigstore transport option. The Sigstore transport will facilitate the uploading of generated metadata to the Rekor transparency log.