Trusted Tasks PoC about experimental HOT 10 CLOSED

@bobcatfish I completely agree with you to have such admission checks generic and not tied to one solution.
between, I've marked the doc public, it should be accessible to everyone now. (doc link)

from experimental.

@lukehinds @nadgowdas It was pointed out to us that this idea is really similar to your work in https://github.com/OpenSecureSupplyChain/tkn-admcontroller

I still need to dig into that repo a bit more, but would love to hear any thoughts / feedback / things to watch out for from your prototyping.

from experimental.

@wlynch I don't think we got to far with that, but I would say borrow what you need. I seem to recall @nadgowdas had a TEP open as well.

Good to see this underway, I will share with the sigstore community to see if others would like to help

from experimental.

thanks for connecting @wlynch. We also had some discussion with Jim Bugwadia from Kyverno to see if such enforcement can be applied through kyverno policies. I had collected some thoughts in this doc: https://docs.google.com/document/d/1r2M9jVcL7fs7Edyzr30fV8pcVhxKUkgSmrFNuTXNKtg/edit?usp=sharing

If you have any thoughts let us know.

from experimental.

sgtm!

@tektoncd/governing-board - need at least one other approval

@nadgowdas is there a group I need to join to get access to the doc?

p.s. re Kyverno, an important requirement for a solution in Tekton would be that it was compatible with mulitple policy engines and that we avoided coupling Tekton to any solution in particular (there has been some discussion around this in TEP-0035 in the conteext of applying security policies as a whole)

from experimental.

sgtm too ! (count this as an approval 😛 )

from experimental.

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale with a justification.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close with a justification.
If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.

/lifecycle stale

Send feedback to tektoncd/plumbing.

from experimental.

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten with a justification.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close with a justification.
If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.

/lifecycle rotten

Send feedback to tektoncd/plumbing.

from experimental.

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen with a justification.
Mark the issue as fresh with /remove-lifecycle rotten with a justification.
If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.

/close

Send feedback to tektoncd/plumbing.

from experimental.

@tekton-robot: Closing this issue.

from experimental.