Grafeas/Kritis Community Call on 8/25


Brian Russell

Aug 20, 2020, 5:14:09 PM
to grafea...@googlegroups.com, grafe...@googlegroups.com, kritis...@googlegroups.com

Hello Grafeas and Kritis Community,


On Tuesday (August 25), we will hold a community call at 11:30 AM EDT (a separate calendar invite will be sent). It’s been several months since the release of v0.1.1 and it has been great to see people trying it out and giving feedback. For this call, we’ll be highlighting Grafeas updates since this release and also some open discussion. The agenda is as follows:


  • Welcome and introductions

  • Updates to the project (see below)

  • Community discussion (topics TBD)


Please feel free to add topics to the community call agenda (members of these groups can edit this doc).

The updates that will be announced: 


  • Support for in-toto attestations (thanks to the in-toto team!)

    • With this addition, in-toto link data can be stored in Grafeas

  • Kritis Signer is available to create attestations based on CI/CD pipeline events

    • This sample tutorial explains the basics of the signer

  • A new attestation library

    • Simpler development for custom tooling

    • Streamlined key support for additional key types (non-PGP)

  • Support for multiple keys in Kritis Attestor 

    • Adds support for key rotation.

    • Adds the semantic “verifiable by ANY key” 

  • Generic Attestation Policy (GAP) can use “all attestors”

    • This achieves compatibility between Kritis and Binary Authorization. 

  • Secret key in Kritis attestor moved to Kritis ISP (Image Security Policy)

    • This change brings clearer separation between attestors and ISP. Previously.

    • Attestor/Attestation Authority now contains no sensitive data and is thus simpler to manage.


Recap of Grafeas releases:

  • Release 0.1.6 - 6/23/2020

    • Support for in-toto.

    • JWT support in attestation notes.

  • Release 0.1.5 - 3/12/2020

    • Upgrade to golang 1.14.0.

    • Addition of last_scan_time to discovery occurrences.

    • Support for Windows updates.

  • Release 0.1.4 - 11/6/2019

    • Support for use of existing secret and certs in Helm chart, in addition to generating them.

    • Fix for handling http requests.

    • Support for multi-platform protobuf compiler download.

    • Checked in v1beta1 go generated protos, to simplify integration downstream.

  • Release 0.1.2 - 10/11/2019

    • Support for multiple storage implementations.

  • Release 0.1.1 - 09/24/2019

Recap of Kritis releases:


Thanks!
Brian