feat(oak_proxy): verify container image digests in Confidential Space#5091

Open
evgenyy-google wants to merge 2 commits into project-oak:main from evgenyy-google:feature/signed-policy-extension

@evgenyy-google

Adds support for verifying container image digests in the Confidential Space verifier.

Includes:

  • expected_image_digests in ConfidentialSpaceVerifierParams
  • SignedPolicy verification for in-toto statements
  • Unit tests and documentation updates

DISCLAIMER: Heavily vibe coded with mostly design level input, no direct Rust exp :)

@evgenyy-google force-pushed the feature/signed-policy-extension branch from d0ee847 to 7233c5e on January 27, 2026 13:20
Adds support for verifying container image digests in the Confidential Space verifier.

Includes:
- expected_image_digests in ConfidentialSpaceVerifierParams
- SignedPolicy verification for in-toto statements
- Unit tests and documentation updates
@evgenyy-google force-pushed the feature/signed-policy-extension branch from 78c79b7 to 82534f7 on January 27, 2026 16:09