Skip to content

Add support for image verification through cosign #261

@axtloss

Description

@axtloss

We currently make no efforts to verify the downloaded images, this is very insecure and can be a huge downside in enterprise applications.
There are multiple solutions to signing the images, but the easiest would be to simply use cosign as it is made for the purpose of signing and verifying oci images. It's also written in go so it would be even easier for us to integrate it with abroot and vib.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions