You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We currently make no efforts to verify the downloaded images, this is very insecure and can be a huge downside in enterprise applications.
There are multiple solutions to signing the images, but the easiest would be to simply use cosign as it is made for the purpose of signing and verifying oci images. It's also written in go so it would be even easier for us to integrate it with abroot and vib.