For coordinating efforts for Tekton/Sigstore on GCP.

Cray-HPE/sigstore-poc

Sigstore HPE POC

Playground for building an example end-to-end (e2e) pipeline using Tekton Pipelines, Chains, Dashboard, Sigstore, Rekor, Cosign, and Fulcio, for Python builds on Kind and/or GCP/GKE.

Get started

  1. Set up Kubernetes Cluster
  2. Install Tekton Pipelines, Chains, and Dashboards
  3. Install Rekor and Fulcio
  4. Run Python builds through Pipelines
    1. Build, Dependencies
    2. Container creation
    3. SBOM creation
    4. Trivy CVE Scanning
  5. Verify results with Cosign

Prerequisites

In order to run through this example, you will need the following installed:

Read full guidance for local development via the local tutorial.

Read full guidance for GCP development via the GCP tutorial.

TODO AWS tutorial.
