Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Flux assessment of SLSA Build Level 3 requirements #1530

Merged
merged 1 commit into from
Jul 3, 2023
Merged

Flux assessment of SLSA Build Level 3 requirements #1530

merged 1 commit into from
Jul 3, 2023

Conversation

stefanprodan
Copy link
Member

@stefanprodan stefanprodan commented Jun 23, 2023
edited
Loading

Preview: https://deploy-preview-1530--fluxcd.netlify.app/flux/security/slsa-assessment/

Requires: fluxcd/flux2#3994

The current assment was performed on helm-controller v0.34.2 which ships with the SLSA provenance implement in fluxcd/helm-controller#705.

TODOs:

  • update the verification instruction using slsa-verifier verify-image after source-controller 1.0.0 release
  • link from the main security page to the assessment

@stefanprodan stefanprodan added area/docs Documentation related issues and pull requests area/security Security related issues and pull requests labels Jun 23, 2023
@stefanprodan stefanprodan requested a review from a team June 23, 2023 13:16
@stefanprodan stefanprodan force-pushed the slsa-assessment branch 5 times, most recently from 767c89a to 52ac4cd Compare June 23, 2023 14:20
@stefanprodan stefanprodan mentioned this pull request Jun 26, 2023
Closed
12 tasks
@stefanprodan stefanprodan marked this pull request as ready for review June 27, 2023 10:39
@stefanprodan stefanprodan changed the title Flux assessment of SLSA Level 3 requirements Flux assessment of SLSA Build Level 3 requirements Jun 27, 2023
pjbgf
pjbgf approved these changes Jun 27, 2023
View reviewed changes
Copy link
Member

@pjbgf pjbgf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great stuff, @stefanprodan! Thank you for working on this. 🙇‍♂️

@stefanprodan stefanprodan force-pushed the slsa-assessment branch 3 times, most recently from c915d10 to c802de2 Compare June 27, 2023 12:13
aryan9600
aryan9600 previously requested changes Jun 29, 2023
View reviewed changes
content/en/flux/security/slsa-assessment.md Show resolved Hide resolved
content/en/flux/security/slsa-assessment.md Show resolved Hide resolved
content/en/flux/security/slsa-assessment.md Show resolved Hide resolved
content/en/flux/security/slsa-assessment.md Show resolved Hide resolved
content/en/flux/security/slsa-assessment.md Outdated Show resolved Hide resolved
content/en/flux/security/slsa-assessment.md Show resolved Hide resolved
@aryan9600 aryan9600 dismissed their stale review June 29, 2023 16:47

not necessary to merge

@stefanprodan stefanprodan added the area/flux Flux related issues and pull requests label Jun 30, 2023
@stefanprodan stefanprodan merged commit 7dbcdfd into main Jul 3, 2023
@stefanprodan stefanprodan deleted the slsa-assessment branch July 3, 2023 15:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aryan9600 aryan9600 aryan9600 approved these changes

@pjbgf pjbgf pjbgf approved these changes

Assignees
No one assigned
Labels
area/docs Documentation related issues and pull requests area/flux Flux related issues and pull requests area/security Security related issues and pull requests
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@stefanprodan @pjbgf @aryan9600