sigstore / cosign-gatekeeper-provider

🔮 ✈️ to integrate OPA Gatekeeper's new ExternalData feature with cosign to determine whether the images are valid by verifying their signatures
Apache License 2.0

What's the status on the project? #5

Closed ChaosInTheCRD closed 1 year ago

ChaosInTheCRD commented 2 years ago

Question

Hi there! This project looks awesome, but I am wondering what the short to midterm roadmap on it is. I see it is marked as not production ready. Are there any production ready projects that could help us check image signatures on admission with gatekeeper at this point?

What would you say are the main barriers to this project becoming ready for production? I noticed also that it currently can only verify images signed and logged on Rekor; is there scope for adding PRs to also support regular private / public key signed images?

We are interested in the prospect of helping out here, so we can agree on some areas for us to contribute 😄

dlorenc commented 2 years ago

cc @developer-guy

I think this is really waiting on the gatekeeper side to stabilize. The interface this uses inside Gatekeeper is still marked as alpha/experimental: https://open-policy-agent.github.io/gatekeeper/website/docs/next/externaldata/

We intend to fully support Gatekeeper when it's ready!

salaxander commented 1 year ago

@dlorenc - we plan to drop the alpha label on the next release. Anything we can do to help revive this? 🙂

sozercan commented 1 year ago

GK v3.11.0 graduates external data to beta: https://github.com/open-policy-agent/gatekeeper/releases/tag/v3.11.0 @dlorenc @developer-guy

mathieu-benoit commented 1 year ago

Hi there! 👋

@dlorenc @developer-guy, now that Gatekeeper v3.11.0 has graduated external data to beta, what's the plan to update this project/component? I also see some issues around public key as secret support, etc. Any plan to support these too?

Thanks!

dlorenc commented 1 year ago

I'm not sure if anyone is actively working on this project now. PRs are probably welcome and I'm sure we could find a way to add more maintainers if there's enough interest!

salaxander commented 1 year ago

@dlorenc I think I could potentially help find some maintainers if you're open to it! I think we'd love to contribute from the Gatekeeper side.

dlorenc commented 1 year ago

Sure!

cpanato commented 1 year ago

We did a few CI and release improvements and need to revisit the code functionality, but I think we are moving forward. Will close this issue.

Feel free to reopen or open a new one.