From 34339c9fd1b9c01130d28fa0cd25a61aef4d3dc6 Mon Sep 17 00:00:00 2001 From: Daniel Chadwick Date: Tue, 28 May 2024 16:57:31 -0400 Subject: [PATCH] osdocs9673: creating sigstore modules --- _topic_maps/_topic_map.yml | 2 ++ modules/nodes-sigstore-using-about.adoc | 9 +++++++++ nodes/nodes-sigstore-using.adoc | 17 +++++++++++++++++ 3 files changed, 28 insertions(+) create mode 100644 modules/nodes-sigstore-using-about.adoc create mode 100644 nodes/nodes-sigstore-using.adoc diff --git a/_topic_maps/_topic_map.yml b/_topic_maps/_topic_map.yml index d83ef1de65..f5ef3342c0 100644 --- a/_topic_maps/_topic_map.yml +++ b/_topic_maps/_topic_map.yml @@ -2624,6 +2624,8 @@ Topics: File: nodes-sno-worker-nodes - Name: Node metrics dashboard File: nodes-dashboard-using +- Name: Manage secure signatures with sigstore + File: nodes-sigstore-using --- Name: Windows Container Support for OpenShift Dir: windows_containers diff --git a/modules/nodes-sigstore-using-about.adoc b/modules/nodes-sigstore-using-about.adoc new file mode 100644 index 0000000000..39ffe2ec58 --- /dev/null +++ b/modules/nodes-sigstore-using-about.adoc @@ -0,0 +1,9 @@ +// Module included in the following assemblies: +// +// * nodes/nodes-sigstore-using.adoc + +:_mod-docs-content-type: CONCEPT +[id="nodes-sigstore-using-about_{context}"] += About the sigstore project + +The sigstore project enables developers to sign-off on what they build and administrators to verify signatures and monitor workflows at scale. With the sigstore project, signatures can be stored in the same registry as the build images. A second server is not needed. The identity piece of a signature is tied to the OpenID Connect (OIDC) identity through the Fulcio certificate authority, which simplifies the signature process by allowing key-less signing. Additionally, sigstore includes Rekor, which records signature metadata to an immutable, tamper-resistant ledger. \ No newline at end of file diff --git a/nodes/nodes-sigstore-using.adoc b/nodes/nodes-sigstore-using.adoc new file mode 100644 index 0000000000..fac9b83541 --- /dev/null +++ b/nodes/nodes-sigstore-using.adoc @@ -0,0 +1,17 @@ +:_mod-docs-content-type: ASSEMBLY +[id="nodes-sigstore-using"] += Manage secure signatures with sigstore +include::_attributes/common-attributes.adoc[] +:context: nodes-sigstore-using + +toc::[] + +You can use the sigstore project with {product-title} to improve supply chain security. + +// The following include statements pull in the module files that comprise +// the assembly. Include any combination of concept, procedure, or reference +// modules required to cover the user story. You can also include other +// assemblies. + +// AManage secure signatures with SigStore +include::modules/nodes-sigstore-using-about.adoc[leveloffset=+1] \ No newline at end of file