Sigstore Policy Controller - an admission controller that can be used to enforce policy on a Kubernetes cluster based on verifiable supply-chain metadata from cosign
We need to explore how to verify the existence of SLSA provenance attached to container images. It is currently possible to inspect SLSA attestations however this could be simplified by using the slsa-provenance-verifier.
Description
We need to explore how to verify the existence of SLSA provenance attached to container images. It is currently possible to inspect SLSA attestations however this could be simplified by using the slsa-provenance-verifier.