SonarQube Helm Chart PGP Signature/Provenance Layer

Hello,

I am trying to deploy SonarQube server using helm charts.
I noticed that the helm chart for SonarQube is not signed, nor does it have a link to the PGP key.

I am using this link to download the chart:
Artifact Hub Link

Would it be possible for the team maintaining the chart to add a signature/provenance layer to it?
Helm Provenance

For example as done in this chart:
Example

That way, every time a helm pull, upgrade or install command needs to be run, the --verify flag can be used to check the integrity of the helm chart package.

1 Like
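As an added illustration (not part of the original post and not code from the SonarQube chart): a Helm provenance file is a PGP clearsigned document whose body lists the chart archive's SHA-256 digest, and the Python below parses that body and checks the digest against the archive. It covers only the digest half of what `--verify` does and does not validate the PGP signature against a keyring, so on its own it says nothing about who produced the file; the chart name, version, archive bytes and signature block are constructed placeholders.

```python
import hashlib
import re

# Constructed stand-ins: not a real chart archive, name, version or signature.
ARCHIVE_NAME = "example-chart-0.1.0.tgz"
ARCHIVE_BYTES = b"constructed stand-in for a packaged chart"
SAMPLE_PROV = f"""-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

apiVersion: v2
name: example-chart
version: 0.1.0

...
files:
  {ARCHIVE_NAME}: sha256:{hashlib.sha256(ARCHIVE_BYTES).hexdigest()}
-----BEGIN PGP SIGNATURE-----

(placeholder, not a real signature)
-----END PGP SIGNATURE-----
"""

# Signed body: after the armor headers and blank line, before the signature block.
SIGNED_BODY = re.compile(
    r"-----BEGIN PGP SIGNED MESSAGE-----\n(?:[^\n]+\n)*\n(.*?)\n-----BEGIN PGP SIGNATURE-----",
    re.S,
)
FILE_LINE = re.compile(r"^\s+(\S+):\s+(sha256:[0-9a-f]{64})\s*$")

def parse_provenance(prov_text):
    """Return {archive name: 'sha256:<hex>'} from the 'files:' section."""
    m = SIGNED_BODY.search(prov_text)
    if not m:
        raise ValueError("not a PGP clearsigned provenance file")
    files, in_files = {}, False
    for line in m.group(1).splitlines():
        if line.strip() == "files:":
            in_files = True
            continue
        entry = FILE_LINE.match(line) if in_files else None
        if entry:
            files[entry.group(1)] = entry.group(2)
        elif line.strip():
            in_files = False  # any other non-blank line ends the section
    return files

def digest_matches(prov_text, archive_name, archive_bytes):
    """True only if the provenance lists this archive with this exact digest."""
    expected = parse_provenance(prov_text).get(archive_name)
    return expected == "sha256:" + hashlib.sha256(archive_bytes).hexdigest()

if __name__ == "__main__":
    print(digest_matches(SAMPLE_PROV, ARCHIVE_NAME, ARCHIVE_BYTES))
```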

Hello @j.b thanks a lot for this feedback, this is indeed a very good feature we could implement.

I’ll create a ticket to track the progress of it. Nonetheless please do not expect an ETA for now.

Regards,
Jérémy.