Have Dataiku DSS Sign Commits
adamnieto
Problem:
Software supply chain attacks are on the rise and companies are changing policies to prevent these sophisticated attacks. Today, Dataiku DSS doesn't allow for commits to be signed.
Potential Solutions:
1. For companies that utilize GitHub, allow DSS to authenticate using a GitHub app on a per-user basis to sign commits and to push and pull to GitHub directly.
2. Provide a way to sign commits using the dssuser/service account's GPG/SSH key.