Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: validate images from registry via Pepr (impl) #1262

Draft
wants to merge 32 commits into
base: main
Choose a base branch
from

Conversation

btlghrants
Copy link
Collaborator

Description

Working through how we might accomplish validating image signatures against pubkeys derived from the OCI registries that serve them.

Relates to #1240

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Other (security config, docs update, etc)

Checklist before merging

@btlghrants btlghrants self-assigned this Oct 11, 2024
@cmwylie19 cmwylie19 added the large large label Oct 16, 2024
Copy link

socket-security bot commented Oct 21, 2024

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@types/[email protected] None 0 8.29 kB types
npm/[email protected] network 0 29.9 kB rubenverborgh
npm/[email protected] Transitive: environment, filesystem, network, shell +85 7.94 MB bdehamer

View full report↗︎

Copy link

codecov bot commented Oct 21, 2024

Codecov Report

Attention: Patch coverage is 82.99320% with 25 lines in your changes missing coverage. Please review.

Project coverage is 79.63%. Comparing base (58633b8) to head (ddd6e0a).

Files with missing lines Patch % Lines
src/sdk/cosign.ts 81.53% 23 Missing and 1 partial ⚠️
src/sdk/heredoc.ts 94.11% 1 Missing ⚠️
Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main    #1262      +/-   ##
==========================================
+ Coverage   79.36%   79.63%   +0.27%     
==========================================
  Files          38       40       +2     
  Lines        1793     1940     +147     
  Branches      363      399      +36     
==========================================
+ Hits         1423     1545     +122     
+ Misses        368      365       -3     
- Partials        2       30      +28     
Files with missing lines Coverage Δ
src/sdk/heredoc.ts 94.11% <94.11%> (ø)
src/sdk/cosign.ts 81.53% <81.53%> (ø)

... and 7 files with indirect coverage changes

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
large large
Projects
Status: 👀 In review
Development

Successfully merging this pull request may close these issues.

2 participants