Skip to content
/ nais-verification Public

A fasit-feature to create nais-verification team/namespace via Console

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

nais/nais-verification

BranchesTags

Repository files navigation

nais-verification

A fasit-feature to create nais-verification team/namespace via NAIS Teams

Rough outline of how it works:

  1. Feature is enabled in fasit
  2. Install creates a Job which uses NAIS Teams API to create nais-verification team
  3. Post-install hook uses NAIS Teams API to get nais-verification deploy key and saves it in a secret in the namespace
  4. Profit!

Verifying the nais-verification images and their contents

The images are signed "keylessly" using Sigstore cosign. To verify their authenticity run

cosign verify \
--certificate-identity "https://github.com/nais/nais-verification/.github/workflows/main.yml@refs/heads/main" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
ghcr.io/nais/nais-verification@sha256:<shasum>

The images are also attested with SBOMs in the CycloneDX format. You can verify these by running

cosign verify-attestation --type cyclonedx  \
--certificate-identity "https://github.com/nais/nais-verification/.github/workflows/main.yml@refs/heads/main" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
ghcr.io/nais/nais-verification@sha256:<shasum>@sha256:<shasum>

About

A fasit-feature to create nais-verification team/namespace via Console

Topics

nais-features

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors 7

Languages