Stronger Supply Chain Security Coming to Argo
Stronger Supply Chain Security Coming to Argo
blog.argoproj.io Security: Supply chain Security
Security has always been a core focus of the project and that effort continues with upcoming features around supply chain security
In March 2023, Argo CD completed a refactor of the release process in order to provide a SLSA Level 3 provenance for container images and CLI binaries. The CNCF also commissioned a security audit of Argo CD which was conducted by ChainGuard. The audit found that Argo CD achieved SLSA Level 3 v0.1 across the source, build, and provenance sections.
The Argo Project will next rollout attestations to Argo Rollouts, then follow with the remaining projects. SLSA has recently announced the SLSA Version 1.0 specifications, which Argo plans to embrace.
0
comments