Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement checking if the workflow that built the artifact is part of the allowed list #124

Open
rdimitrov opened this issue Feb 19, 2024 · 1 comment
Open

Implement checking if the workflow that built the artifact is part of the allowed list #124

rdimitrov opened this issue Feb 19, 2024 · 1 comment
Labels
P2 Nice to fix: non-critical items that should be evaluated and planned during issue triage

Comments

@rdimitrov
Copy link
Member

The idea is to ensure that the workflow that built the artifact is part of the allowed actions list.

  • Artifact is signed -> get it's signer identity (workflow) -> check if this workflow is allowed in GitHub

Reference:
@evankanderson evankanderson added the P2 Nice to fix: non-critical items that should be evaluated and planned during issue triage label Jul 16, 2024
@evankanderson
Copy link
Member

To be clear, this would be a rule type

@evankanderson evankanderson transferred this issue from mindersec/minder Jul 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
P2 Nice to fix: non-critical items that should be evaluated and planned during issue triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@evankanderson @rdimitrov