Skip to content

feat(cosign): implement cosign for signing docker images in CI #278

New issue
New issue
Open
Open
feat(cosign): implement cosign for signing docker images in CI#278
Assignees
abhisheksr01
Labels
enhancementNew feature or requestsecurity-devsecopsSecurity features to improve the security posture and implement DevSecpOps
@abhisheksr01

Description

@abhisheksr01
abhisheksr01
opened on Jan 11, 2024

Description

Implement sigstore/cosign for adding provenance and signing the container image in GitHub Action CI.

Use Case

Once the image is built in the CI and should be signed in the GHA CI.

Proposed Solution

Implement and document the use of cosign in the CI. Document why it's needed.

Benefits

Secure use of container images.

Example

Additional Information

https://github.com/sigstore/cosign

Metadata

Metadata

Assignees

Labels

enhancementNew feature or requestsecurity-devsecopsSecurity features to improve the security posture and implement DevSecpOps

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions