Mikhail Swift

Results 25 issues of Mikhail Swift

When a zarf package is created we should record some attestations about the package's creation. Some attestations could include - Environment details such as set variables, user, cloud metadata if...

sbom
packager

Currently hashes are being collected for some resources but not all. This should be expanded to include all images, helm charts, files, etc. When resources are fetched from a remote...

sbom
packager

Summary: Adds a DSSE type that validated each signature on the envelope. If the payload is an in-toto statement, all in-toto subjects will be indexed. The hash of the...

Currently the in-toto type does not contain any signatures. This prevents users of in-toto records from verifying attestations that are stored in rekor's attestation stores. Additionally, the IntotoObj.content.hash refers to...

bug

Rebased version of https://github.com/testifysec/witness/pull/181 onto latest main

A tracee may only be traced by a single tracer, where a tracer and tracee refer to OS threads. However, each tracee can be traced by different tracers. Right now...

enhancement
priority low
trace
needs triage

Migrated from gitlab -- original author @colek42

priority medium

priority low
needs triage

#75 introduced file hashing of opened files by tracees. This allows us to tell exactly what went into a build, but it comes at a cost. Calculating hashes is not...

enhancement
priority medium
trace
debt
needs triage