Open ultrasaurus opened 5 years ago
Here's a collection of resources that we could work into the items on the integrations page (plus some additional items):
Reproducible builds (mostly for Debian) https://salsa.debian.org/reproducible-builds/debian-rebuilder-setup https://github.com/in-toto/apt-transport-in-toto https://ssl.engineering.nyu.edu/blog/2019-01-18-in-toto-paris
Debian https://debconf17.debconf.org/talks/100/ https://in-toto.github.io/examples/debian.html
Kubernetes https://github.com/in-toto/kubectl-in-toto https://github.com/in-toto/in-toto-webhook https://github.com/in-toto/in-toto-golang https://ssl.engineering.nyu.edu/blog/2018-10-08-in-toto-tuf-book
Grafeas https://www.youtube.com/watch?v=05zN-YQxEAM https://cloud.google.com/blog/products/gcp/exploring-container-security-digging-into-grafeas-container-image-metadata https://github.com/in-toto/totoify-grafeas https://github.com/in-toto/demo-jekyll
Control Plane https://control-plane.io/posts/kubernetes-predictions-for-2019/ https://lists.archlinux.org/pipermail/pacman-dev/2017-September/022123.html
Jenkins https://plugins.jenkins.io/in-toto https://github.com/in-toto/in-toto-java
git https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/torres-arias https://public-inbox.org/git/20170117233723.23897-1-santiago@nyu.edu/
ArchLinux https://git.archlinux.org/pacman.git/commit/?id=39319c1860d200a9b4a3cc2c6975e3cece502f2d
OpenSuse https://github.com/in-toto/demo-opensuse
Polypasswordhasher https://in-toto.github.io/examples/polypasswordhasher.html
Seattle https://in-toto.github.io/examples/seattle.html
@SantiagoTorres, do you have any additional pointers especially for: repeatr, docker, control plane, archlinux, spdx, govready?
I wonder if 1682bd7 and 3655ddf resolves this issue (even if partially). Do you think we need bigger changes, @ultrasaurus ?
What about the other items, I listed links for, i.e. Grafeas, Kubernetes, Control Plane, Jenkins (IMHO we can skip Seattle and PPH)? And the other things I asked you about, i.e. repeatr, docker, spdx, govready?
https://in-toto.github.io/integrations.html -- I'd expect links to open issues or other information on each project.
For example: "We are actively working with the debian community" -- if I worked on Debian, I'd want a pointer to where these discussions are taking place, maybe an open issue (in your repo or theirs) or mailing list or wiki page...