Chapter 2. New features and enhancements

Enterprise Contract supports inspecting multiple architecture types for container images

With this release, Enterprise Contract (EC) now supports artifact verification, and policy enforcement on multiple architecture types for container images. The ec validate image command can inspect individual container images for different system architectures from the image index.

Adding rule data by using a command line argument

With this release, you can inject additional rule data on the command line by using the --extra-rule-data argument to the ec validate image command. For example, you can use this to influence policies so that the behavior for a release pipeline can differ from the behavior in a continuous integration and continuous delivery (CICD) pipeline.

A new report format for Enterprise Contract when validating container images

With this release, the ec validate image command can generate a new report format. You can use the --output text argument with the ec validate image command to produce a new user-friendly output format. This new report format provides details about the violations and warnings only. To view additional details use the JSON or YAML formats.

Support for OpenShift 4.16 and 4.17

With this release, we added support for the Trusted Artifact Signer service running on OpenShift Container Platform 4.16 and 4.17. Customers can install the RHTAS operator from OperatorHub on currently supported releases of OpenShift Container Platform.

Auto-closing for the confirmation page

With this release, we updated the gitsign binary to version 0.10.2. This version enables the auto-closing feature for the Sigstore confirmation page. After a successful authentication, the confirmation page will close in 10 seconds.

Install Trusted Artifact Signer to different namespaces on the same OpenShift cluster

With this release, you can now install the RHTAS service in different namespaces on the same OpenShift cluster.

A new release channel for upgrades

With this release, we added the stable-v1.0 channel that users can subscribe to. Subscribing to this channel gives users automatic upgrades only to the 1.0.x release line. To receive all the latest updates for upcoming minor releases, then subscribe to the stable channel. Also, with this release, we removed the alpha channel.

Monitoring for Trillian

With this release, you can enable monitoring for the Trillian server. To enable monitoring, add the monitoring stanza underneath the trillian stanza, and set enabled to true for the Securesign instance. For example:

Monitoring for Certificate Transparency logs

With this release, you can enable monitoring for the Certificate Transparency logs (CTlog) server. To enable monitoring, add the monitoring stanza underneath the ctlog stanza, and set enabled to true for the Securesign instance. For example:

Improvements to the segment backup jobs

With this release, the Trusted Artifact Signer service has several improvements to the segment backup jobs. Because of existing vulnerabilities, the segment backup jobs have been rewritten in Python, and verifies if cluster-level metrics are allowable.