GitXplorerGitXplorer
t

chains

public
246 stars
126 forks
58 issues

Commits

List of commits on branch main.
Verified
48647a129c0fba0dfbe0a10fc9e40e3d4cb5273b

Merge pull request #1204 from lcarva/update-releases-v0-22-1

llcarva committed 8 hours ago
Verified
dfed5bab05ad3ded7775fb77e80ad43f6f2c300b

Merge pull request #1208 from PuneetPunamiya/bump-go-dependencies

llcarva committed 2 days ago
Unverified
2c9888d99cecc4e9b9ebff6ecf64c8ae54a6b1b9

Updates go.mod

PPuneetPunamiya committed 2 days ago
Verified
4176b05a60cfb8497da75690ccdb0ed88d09fb31

Bump the all group across 1 directory with 25 updates

ddependabot[bot] committed 2 days ago
Verified
1e2519be06806fd6e81a203e4b43eaddd9332354

Disable linter for dependabot PRs (#1206)

llcarva committed 2 days ago
Verified
2230e92561e2ea279ebe9699c04bfa5ed49f945a

Updates github actions to sync with supported release versions of pipeline and kubernetes (#1200)

PPuneetPunamiya committed 2 days ago

README

The README file for this repository.

Tekton Chains

CII Best Practices

Supply Chain Security in Tekton Pipelines

Tekton Chains logo

Getting Started

Tekton Chains is a Kubernetes Custom Resource Definition (CRD) controller that allows you to manage your supply chain security in Tekton.

In its default mode of operation, Chains works by observing all TaskRuns executions in your cluster. When TaskRuns complete, Chains takes a snapshot of them. Chains then converts this snapshot to one or more standard payload formats, signs them and stores them somewhere.

Current features include:

  • Signing TaskRun results with user provided cryptographic keys, including TaskRuns themselves and OCI Images
  • Attestation formats like intoto
  • Signing with a variety of cryptographic key types and services (x509, KMS)
  • Support for multiple storage backends for signatures

Installation

Prerequisite: you'll need Tekton Pipelines installed on your cluster before you install Chains.

To install the latest version of Chains to your Kubernetes cluster, run:

kubectl apply --filename https://storage.googleapis.com/tekton-releases/chains/latest/release.yaml

To install a specific version of Chains, run:

kubectl apply -f https://storage.googleapis.com/tekton-releases/chains/previous/${VERSION}/release.yaml

To verify that installation was successful, wait until all Pods have Status Running:

kubectl get po -n tekton-chains --watch
NAME                                       READY   STATUS      RESTARTS   AGE
tekton-chains-controller-c4f7c57c4-nrjb2   1/1     Running     0          160m

Setup

To finish setting up Chains, please complete the following steps:

Vendor specific documentation

Any additional documentation specific to particular cloud vendors can be found at docs/vendor.

Tutorials

To get started with Chains, try out our getting started tutorial.

To start signing OCI images and generating signed provenance for them, try our signed provenance tutorial.

Community tutorials

The Chains community has been hard at work creating tutorials as well:

Experimental Features

To learn more about experimental features, check out experimental.md

Want to contribute

We are so excited to have you!

  • See CONTRIBUTING.md for an overview of our processes
  • See DEVELOPMENT.md for how to get started
  • See ROADMAP.md for the current roadmap Check out our good first issues and our help wanted issues to get started!
  • See releases.md for our release cadence and processes

To learn more about Chains:

  • Chat with us in the #chains Slack channel
  • Attend the Chains Working Group meeting, details here