Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add Venafi to sigstore friends #35

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Add Venafi to sigstore friends #35

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
7365ec1
chore: add policy-controller ref (#34)
Jul 15, 2022
224a930
venafi-jetstack info
zosocanuck Jan 27, 2023
67408d0
consolidated jetstack and venafi
zosocanuck Feb 7, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions VMware/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
* [VMware](https://www.vmware.com/) is an enthusiastic participant in the sigstore community. As a leading provider of enterprise Kubernetes software through the [Tanzu](https://tanzu.vmware.com/) portfolio, we look to sigstore as an important set of tools for helping our customers better secure the software supply chain for modern applications.
* R&D staff are working on Tanzu solutions using Cosign, and we are spearheading Cosign integration into [kpack](https://github.com/pivotal/kpack), [Carvel](https://carvel.dev/), and [Harbor](https://goharbor.io/).
* [VMware Tanzu Application Platform](https://tanzu.vmware.com/application-platform) is a modular, application-aware platform that provides a rich set of developer tooling and a prepaved path to production. We are utilizing cosign from sigstore as our signing tool for developers. Cosign helps to provide an irrefutable proof of the integrity and authenticity of the produced artefacts.
* [VMware Tanzu Application Platform](https://tanzu.vmware.com/application-platform) is a modular, application-aware platform that provides a rich set of developer tooling and a prepaved path to production. We are utilizing cosign as our signing tool for developers, and policyt-controller from sigstore as our validation tool for the platform. Cosign helps to provide an irrefutable proof of the integrity and authenticity of the produced artefacts.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

typo: "policyt-controller"


Copyright 2021 VMware, Inc.
Copyright 2022 VMware, Inc.
14 changes: 14 additions & 0 deletions Venafi/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
# Venafi, Inc.

[Venafi](https://www.venafi.com) is the leader in machine identity management.

[Venafi CodeSign Protect](https://venafi.com/codesign-protect/) integrates with sigstore/cosign via PKCS#11 to provide strong controls over the enterprise code signing keys and certificates, used to sign container images and other artifacts such as SBOMs.

Venafi also uses sigstore/cosign to sign its internally developed container images.

[Jetstack](https://jetstack.io), a Venafi company, helps businesses to build and operate modern cloud native infrastructure with Kubernetes.

Jetstack also designed and maintains the CNCF [cert-manager](https://github.com/cert-manager/cert-manager) project – the de facto cloud native solution for developers to automate TLS and mTLS certificate issuance and renewal.

* Jetstack is an active user of the sigstore project
* We use sigstore/cosign to sign our open source container images along with [SLSA provenance](https://slsa.dev/provenance/v0.2) and a [CycloneDX SBOM](https://cyclonedx.org/).