kubebb / core

A declarative component lifecycle management platform
https://kubebb.github.io/website
Apache License 2.0

Achieve SLSA in KubeBB #166

Open bjwswang opened 11 months ago

bjwswang commented 11 months ago

As the software supply chain is so important and critical, we need to enable SLSA in our Kubebb (especially kubebb/core).

https://slsa.dev/

Threats in Supply chain

SLSA Levels

Discussions

How to enable SLSA in kubebb

Reference SLSA cases

bjwswang commented 11 months ago

With the help of Tekton, we can help software built with Tekton to achieve SLSA level 2: https://cd.foundation/blog/2023/05/31/getting-to-slsa-level-2-with-tekton-and-tekton-chains/

https://tekton.dev/docs/chains/