Add Rekor and Trillian as BB sandbox packages
Project
We will grant permissions to submit the proposal
Name: Add Rekor and Trillian as BB sandbox packages (https://docs.sigstore.dev/logging/installation/)
Desired Initial Maturity Level (Sandbox, Incubating, Graduated): Sandbox
Problem Statement (i.e. problem you wan to solve): IronBank team wants to deploy their own signing backend to record the history of every container and artifact we sign with cosign
.
Description: Rekor is a service that cosign
talks to under the hood which provides an immutable, tamper-resistant ledger of signing history and Trillian is a backend log service used by Rekor. These are under-the-hood pieces that cosign
talks to when signing artifacts and IronBank wants to run our own instance so that we can keep our own records.
Initial Members:
- Riley O'Donnell @riley.odonnell