Skip to content

VSA POC#2497

Draft
joejstuart wants to merge 4 commits intoconforma:mainfrom
joejstuart:VSA-POC
Draft

VSA POC#2497
joejstuart wants to merge 4 commits intoconforma:mainfrom
joejstuart:VSA-POC

Conversation

@joejstuart
Copy link
Contributor

@joejstuart joejstuart commented Apr 30, 2025
edited
Loading

Checks if VSA exists before validation. If a VSA exists, it will display the results stored in it as the report.

If a VSA does not exist, runs validation, then generates and stores a VSA in Rekor.

This accepts a new argument --attestor-key which is a private key to sign the VSA

ec validate image \
  --image quay.io/redhat-user-workloads/rhtap-contract-tenant/golden-container/golden-container@sha256:ad333bfa53d18c684821c85bfa8693e771c336f0ba1a286b3a6ec37dd95a232e \
  --policy github.com/joejstuart/ec-config//slsa3-failed?ref=volatile-test \
  --public-key pub.key \
  --ignore-rekor \
  --output "text?show-successes=false" \
  --output appstudio \
  --show-successes \
  --info \
  --attestor-key cosign.key

@joejstuart joejstuart marked this pull request as draft April 30, 2025 18:53
@joejstuart joejstuart force-pushed the VSA-POC branch 2 times, most recently from 844b3fd to 6330bf1 Compare April 30, 2025 19:26
joejstuart added 4 commits May 6, 2025 12:12
@joejstuart
VSA POC
65d026b 
Checks if VSA exists before validation
If a VSA exists, it will display the results
stored in it as the report.

If a VSA does not exists, runs validation, then
generates and stores a VSA in Rekor.
@joejstuart
set to nil
75f4ef4
@joejstuart
update
1eeda3a
@joejstuart
proper unmarshaling
ee87a87
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@joejstuart