search

projectcapsule / capsule

Multi-tenancy and policy-based framework for Kubernetes.
https://capsule.clastix.io
Apache License 2.0
1.58k stars 155 forks source link

[UMBRELLA] Publish supply chain security artifacts during the release #824

Closed maxgio92 closed 10 months ago

maxgio92 commented 1 year ago

Describe the feature

This is a security feature on the distribution of the Capsule OCI image artifact. Security artifacts can help secure the supply chain by providing ways for consumers to verify the authenticity of the artifacts provided by the project, the integrity of the artifacts.

What would the new user story look like?

As an end-user of Capsule, I'd like to verify the authenticity and integrity of artifacts officially provided by the Capsule project.

Expected behavior

maxgio92 commented 11 months ago

Hey @oliverbaehler, can this issue be considered completed? Thanks!

prometherion commented 11 months ago

I'd say so, let's wait for Oliver's feedback.

oliverbaehler commented 10 months ago

Implemented, except SBOM for charts