7 ‐ SLSA compliant charts

Nicholas openSUSE Software Engineer edited this page Nov 14, 2024 · 5 revisions

There is a new file at the root of the repository called:

slsa.yaml

Every chart that has SLSA-compliant image dependencies must define those image names there.


The first chart to adhere to the SLSA standards is:

rancher-cis-benchmark

When this was written, it had only 1 image dependency with SLSA compliance:

rancher/cis-operator

Once the image is defined there, it will no longer be synced to the prime registry.

Images with SLSA compliance must be synced to the prime registry from the upstream repository. Therefore, we cannot overwrite them once the chart is released.

More information on SLSA compliance: SLSA Guidance Doc

PR implementing this sync bypass: https://github.com/rancher/charts-build-scripts/pull/153
