conftest icon indicating copy to clipboard operation
conftest copied to clipboard
verified publisher icon open-policy-agent

test in-toto attestation (software provenance record format)

Open developer-guy opened this issue 4 years ago • 1 comments

in-toto attestation is a record format for defining your software supply chain based on JSON documents. You can reach out to the official repository here. In cosign, we worked on some verification system to verify the integrity of attestation files based on CUE and Rego languages; you can reach out to the development process here.

So, I thought it'd be nice if we supported it in conftest.

cc: @Dentrax

Please, feel free to assign it to me. I'm willing to work on this.

developer-guy avatar Jan 18 '22 17:01 developer-guy

Hi @developer-guy. in-toto uses JSON files for its data format, which is already supported by OPA and conftest. Please clarify what you would like to see implemented.

jalseth avatar Jan 29 '22 23:01 jalseth

Closing this due to inactivity. Please feel free to reopen in the future.

jalseth avatar Dec 24 '22 22:12 jalseth