Have Dataiku DSS Sign Commits

adamnieto
adamnieto Neuron 2020, Neuron, Registered, Neuron 2021, Neuron 2022, Neuron 2023 Posts: 88 Neuron

Problem:

Software supply chain attacks are on the rise and companies are changing policies to prevent these sophisticated attacks. Today, Dataiku DSS doesn't allow for commits to be signed.

Potential Solutions:

1. For companies that utilize GitHub, allow for DSS to authenticate using a GitHub app on a per user basis to sign commits, push and pull to GitHub directly.

2. Provide a way to sign commits using the dssuser/service account's GPG/SSH key.

2
2 votes

New · Last Updated

Setup Info
    Tags
      Help me…