Sigstore signature verification in GitLab Rails
Why are we doing this work
To support #410405 and #364428, we need to add code to GitLab Rails to allow it to cryptographically verify Sigstore signatures. sigstore-ruby exists, but it is currently incomplete and does not have signature verification. We'll likely need to create our own implementation referencing one of the existing implementations.
Relevant links
Non-functional requirements
-
Documentation: -
Feature flag: -
Performance: -
Testing: