feat: add cosign keyless support to trust policy #1503
Codecov Report
Attention: Patch coverage is
Additional details and impacted files

```diff
@@            Coverage Diff             @@
##              dev    #1503      +/-   ##
==========================================
+ Coverage   68.15%   68.63%   +0.47%
==========================================
  Files         119      119
  Lines        6139     6201      +62
==========================================
+ Hits         4184     4256      +72
+ Misses       1561     1557       -4
+ Partials      394      388       -6
```

☔ View full report in Codecov by Sentry.
9968c69 to 9cbd3c2
Thanks for the PR Akash! Looks great overall, I left some questions.
TODO: add more test coverage to hit 80% patch coverage
LGTM. Thanks!
Signed-off-by: akashsinghal <[email protected]>
Description
What this PR does / why we need it:
This PR adds keyless verification support to the new Trust Policy in the cosign verifier.
New support includes:
- `keyless` section in the trust policy config
- Adds new `summary` section to `extensions` field of the verifier report. This contains a list of string statements on what exact verifications were performed (claims verified, public key used, annotation checked, etc.)
- Updates tests to now manually turn off transparency log verification

Accompanying docs PR: ratify-project/ratify-web#80

Which issue(s) this PR fixes (optional, using `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when the PR gets merged):
Fixes #1323
Type of change
Please delete options that are not relevant.
`main` branch)

How Has This Been Tested?
Please describe the tests that you ran to verify your changes. Please also list any relevant details for your test configuration
Checklist:
Post Merge Requirements
Helm Chart Change