feat(cosign): implement cosign for signing docker images in CI #278
Labels
enhancement
New feature or request
security-devsecops
Security features to improve the security posture and implement DevSecOps
Description
Implement sigstore/cosign for adding provenance and signing the container image in GitHub Action CI.
Use Case
Once the image is built in the CI, it should be signed in the GHA CI.
Proposed Solution
Implement and document the use of cosign in the CI. Document why it's needed.
Benefits
Secure use of container images.
Example
Additional Information
https://github.com/sigstore/cosign