Add support for sigstore #6
Comments
|
Hi @PradyumnaKrishna , Hi @SantiagoTorres I just submitted a proposal for this. I would love any last-minute feedback (I can still edit before the deadline) which is in about 7 hours! |
|
Hi @PradyumnaKrishna , this project seems really interesting to me. I have been trying to understand the code since last one week. I would really like to contribute to this project in best possible ways and I'll try my best to contribute as much as possible |
|
To understand this project, you can read sigstore documentation to get started. There is a sigstore java and maven repository which might be useful for this project, try it out as well. |
|
Yes @PradyumnaKrishna , I'll definitely read sigstore documentation to get started. I'll try sigstore java and maven repository as well. |
|
@PradyumnaKrishna Hi, do we need to submit a proposal, like action plan on handling the project, or do we need to do any pre tasks for thw project, before applying? |
|
Hey @PradyumnaKrishna -
|
|
@PradyumnaKrishna I have applied to contribute to this project under lfx mentorship. I have gone through the sigstore docs and now have a rough idea on how to implement the project, should I include an overview of it in the cover letter or should I explain it somewhere else? |
This issue aims to integrate Sigstore support into the in-toto-jenkins plugin.
Description
Currently, the In-toto Jenkins plugin requires users to provide either a credential ID or key path for signing the link metadata during the post-build process. The addition of Sigstore in the In-toto Jenkins plugin enables keyless signing and keyless verification of metadata.
Enhance the metadata transport capabilities within in-toto-jenkins by introducing a Sigstore transport option. The Sigstore transport will facilitate the uploading of generated metadata to the Rekor transparency log.
The text was updated successfully, but these errors were encountered: