Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: container image signature and attestation verification #461

Merged
merged 2 commits into from
Oct 18, 2024
Merged

feat: container image signature and attestation verification #461

merged 2 commits into from
Oct 18, 2024

Conversation

jvanz
Copy link
Member

@jvanz jvanz commented Oct 11, 2024

Description

Updates the tutorial of how to verify the signatures of the Kubewarden components adding a warning explaining how to have a more secure check by using the full URL in the subject/identity field.

Related to kubewarden/kubewarden-controller#856

@jvanz jvanz self-assigned this Oct 11, 2024
@jvanz jvanz requested a review from a team as a code owner October 11, 2024 12:42
@netlify Netlify
Copy link

netlify bot commented Oct 11, 2024
edited
Loading

Deploy Preview for silly-bunny-8cedd0 ready!

Name Link
🔨 Latest commit d456fd4
🔍 Latest deploy log https://app.netlify.com/sites/silly-bunny-8cedd0/deploys/6712528bb794ca0008e172c8
😎 Deploy Preview https://deploy-preview-461--silly-bunny-8cedd0.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@jvanz
feat: how to verify container image and attestation files.
f03fe8f 
Updates the tutorial of how to verify the signatures of the Kubewarden
components adding a section about how to verify the container image
signatures and their attestation files.

Signed-off-by: José Guilherme Vanz <[email protected]>
@jvanz jvanz requested a review from viccuad October 11, 2024 14:31
@jvanz jvanz changed the title feat: warning about the identity in the cosign verify. feat: container image signature and attestation verification Oct 11, 2024
@jvanz
Copy link
Member Author

jvanz commented Oct 11, 2024

@viccuad I've updated the PR to instructions on how to use the attestation files. Do you think that is enough?

jhkrug
jhkrug requested changes Oct 14, 2024
View reviewed changes
Copy link
Contributor

@jhkrug jhkrug left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A small suggestion.

docs/tutorials/verifying-kubewarden.md Outdated Show resolved Hide resolved
@viccuad @jhkrug
Update docs/tutorials/verifying-kubewarden.md
d456fd4 
Co-authored-by: John Krug <[email protected]>
Signed-off-by: Víctor Cuadrado Juan <[email protected]>
@viccuad viccuad merged commit aaadc9d into kubewarden:main Oct 18, 2024
6 checks passed
@jvanz jvanz deleted the subjecturl branch October 28, 2024 12:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jhkrug jhkrug jhkrug requested changes

@viccuad viccuad viccuad approved these changes

Assignees

@jvanz jvanz

Labels
None yet
Projects
Kubewarden
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jvanz @viccuad @jhkrug