Add VEX attestation #307

Open: himax1991 wants to merge 1 commit into main from vex-attestations

@himax1991

Summary

  • Add .werf/defines/vex.tmpl for cosign OpenVEX attestations
  • Add base/vex image (variant B, BASE_IMAGES_VERSION v1.1.8) with pm install on builder/distroless from base_images.yml
  • Extend werf-giterminism.yaml with signing mode env vars and registry/Vault secrets for CSE compatibility
  • Bump modules-actions/build to @v15 with registry_user / registry_password in dev, prod, and deploy workflows

No known_vulnerabilities.vex files exist in this module — VEX includes in werf.inc.yaml were not added.

Enable cosign OpenVEX signing via base/vex image, giterminism secrets for registry and Vault, and modules-actions build v15 with registry credentials.

Signed-off-by: Maksim Khimchenko <maksim.khimchenko@flant.com>