sigstore / policy-controller

Sigstore Policy Controller - an admission controller that can be used to enforce policy on a Kubernetes cluster based on verifiable supply-chain metadata from cosign

Add support for slsa provenance verification #606

Open hectorj2f opened 1 year ago

hectorj2f commented 1 year ago

Description

We need to explore how to verify the existence of SLSA provenance attached to container images. It is currently possible to inspect SLSA attestations; however, this could be simplified by using the slsa-provenance-verifier.

rakshitgondwal commented 4 days ago

Hi @hectorj2f, by slsa-provenance-verifier, are you referring to this: https://github.com/slsa-framework/slsa-verifier?