feat: add sbom verifier to helm chart #1204
Conversation
Codecov Report: All modified and coverable lines are covered by tests ✅

Coverage diff (main vs #1204):

| | main | #1204 | +/- |
|---|---|---|---|
| Coverage | 55.09% | 55.09% | |
| Files | 104 | 104 | |
| Lines | 6865 | 6865 | |
| Hits | 3782 | 3782 | |
| Misses | 2751 | 2751 | |
| Partials | 332 | 332 | |

View full report in Codecov by Sentry.
one minor comment, lgtm overall
| sbom.enabled | Enables/disables installation of sbom verification configuration | `false` |
| sbom.notaryProjectSignatureRequired | requires validation of sbom notation signature | `false` |
| sbom.disallowedLicenses | list of disallowed licenses | [] |
| sbom.disallowedPackages | list of disallowed packages defined by package name and version | [] |
wonder if we should provide an example for package name/version pair?
+1. You could consider pointing to the doc if the plan is to add that there. Not a blocker for this PR for me
Thanks, I will merge this PR first to unblock release changes, and will add the example in a separate PR.
Description
Doc walk through at ratify-project/ratify-web#44
Sample command:

```shell
helm install ratify \
  ./charts/ratify --atomic \
  --namespace gatekeeper-system \
  --set featureFlags.RATIFY_CERT_ROTATION=true \
  --set sbom.enabled=true \
  --set sbom.disallowedLicenses={"Zlib"} \
  --set sbom.disallowedPackages[0].name="busybox" \
  --set sbom.disallowedPackages[0].version="1.36.1-r0"
```
How Has This Been Tested?
Validation #1: modified the local chart to populate a disallowed license and package.

Validation #2: manual testing with the install command below:

```shell
helm install ratify \
  ./charts/ratify --atomic \
  --namespace gatekeeper-system \
  --set featureFlags.RATIFY_CERT_ROTATION=true \
  --set sbom.enabled=true \
  --set sbom.disallowedLicenses={"Zlib"} \
  --set sbom.disallowedPackages[0].name="busybox" \
  --set sbom.disallowedPackages[0].version="1.36.1-r0"
```
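As an added illustration (not Ratify's code, and not from this PR), the check below shows what the `disallowedLicenses` and `disallowedPackages` values in the command above mean when applied to an SBOM: a license is denied by its SPDX identifier anywhere in a package's license expression, while a package is denied only when both name and exact version match. The SBOM document is constructed, and the field names `name`, `versionInfo` and `licenseConcluded` are assumed from the SPDX 2.3 JSON format.

```python
import json

# Constructed SPDX-style SBOM (sample data, not a real image's SBOM).
SBOM_JSON = """
{
  "spdxVersion": "SPDX-2.3",
  "packages": [
    {"name": "busybox", "versionInfo": "1.36.1-r0", "licenseConcluded": "GPL-2.0-only"},
    {"name": "zlib", "versionInfo": "1.3", "licenseConcluded": "Zlib"},
    {"name": "musl", "versionInfo": "1.2.4-r2", "licenseConcluded": "MIT"},
    {"name": "busybox", "versionInfo": "1.36.2-r0", "licenseConcluded": "GPL-2.0-only"}
  ]
}
"""

# Policy mirroring the helm --set flags: deny the Zlib license and busybox 1.36.1-r0.
POLICY = {
    "disallowedLicenses": ["Zlib"],
    "disallowedPackages": [{"name": "busybox", "version": "1.36.1-r0"}],
}


def check_sbom(sbom_json: str, policy: dict) -> list[str]:
    """Return one violation string per disallowed license or package found."""
    sbom = json.loads(sbom_json)
    # SPDX license identifiers are case-insensitive; compare them lowercased.
    bad_licenses = {lic.lower() for lic in policy.get("disallowedLicenses", [])}
    # A package rule needs both name and exact version to match.
    bad_packages = {(p["name"].lower(), p["version"]) for p in policy.get("disallowedPackages", [])}
    violations = []
    for pkg in sbom.get("packages", []):
        name = pkg.get("name", "")
        version = pkg.get("versionInfo", "")
        expr = pkg.get("licenseConcluded") or pkg.get("licenseDeclared") or ""
        # License expressions can be compound, e.g. "(MIT AND Zlib)"; test each identifier.
        for tok in expr.replace("(", " ").replace(")", " ").split():
            if tok.lower() in bad_licenses:
                violations.append(f"{name}@{version}: disallowed license {tok}")
        if (name.lower(), version) in bad_packages:
            violations.append(f"{name}@{version}: disallowed package")
    return violations


if __name__ == "__main__":
    for v in check_sbom(SBOM_JSON, POLICY):
        print("DENY", v)
```

Note that `busybox@1.36.2-r0` passes: the package rule is an exact name/version pair, so a patched version is not blocked by a rule written for the vulnerable one.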