16.4 Planning for SSCS WG
Epic | Issues | DRI | Status | Milestone Goal |
---|---|---|---|---|
Native Signing of Build Artifacts (&9212) | Spike: Research architecture blueprint and crea... (#396632) | @bwill |
IN PROGRESS |
@bwill to create a architecture proposal. Clearly detail what current issues are, what help is needed from Runner group. Keep in mind investigation below, maybe assume sigstore usage for now? |
User Experience for Signed Container Registry I... (&7856) | @ahuntsman |
IN PROGRESS |
@ahuntsman continue working on issues |
|
User Experience for Signed Container Registry I... (&7856) | @ahuntsman |
BLOCKED | This is blocked on investigations of sigstore/TestifySec below | |
User Experience for Signed Container Registry I... (&7856) | Frontend refinement for Signed Container Regist... (#423623 - closed) | @dftian |
IN PROGRESS | Refinement of frontend issues in 16.4. Will require help from @bwill
|
Use GitLab.com as an OIDC provider for cosign f... (&11360) | Support keyless signing when CI config is locat... (#411317 - closed) | TBC | READY FOR DEVELOPMENT | |
Investigate keyless signing support for self managed GitLab instances | @bwill |
IN PROGRESS | Sigstore has been found to be too complex. Next look into TestifySec as alternative | |
Unblock use of Sigstore for signature verification in Ruby | No issue | @sam.white |
IN PROGRESS | Write a business case and proposal for creating Ruby/Rust bindings so you can call Cosign from Ruby. Will require technical help from @bwill
|
This issue and linked pages contain information related to upcoming products, features, and functionality. It is important to note that the information presented is for informational purposes only. Please do not rely on this information for purchasing or planning purposes. As with all projects, the items mentioned in this video and linked pages are subject to change or delay. The development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.
Edited by Nate Rosandich