ITE-2: A general overview of combining TUF and in-toto to build compromise-resilient CI/CD

1 view
Skip to first unread message

Trishank Kuppusamy

Sep 8, 2021, 2:06:12 PM9/8/21
Hihi everyone,

Following on the heels of ITE-3, I am now proposing that ITE-2 be accepted.

You can think of ITE-3 as a special case of ITE-2, which is a more general description of how to combine TUF and in-toto to build compromise-resilient CI/CD.

I am now soliciting feedback on whatever this ITE can be accepted as it is. I'd say the only thing missing is how to record TUF timestamps on sigstore's Rekor transparent/tamper-evident log/ledger.

You may find the ITE itself here. Please send your feedback on the GitHub issue here.

Thanks for your time,
Reply all
Reply to author
0 new messages