Add docker image signature with cosign #424

Open
acouvreur opened this issue Oct 24, 2024 · 0 comments

Docker image should be signed with cosign.

See https://github.com/sablierapp/mimic goreleaser configuration. Everything is signed "keyless" using the OIDC token from GitHub.

Documentation should be updated so users know how to ensure where the image is coming from.

Signature does not mean safe, it means that it states who it is and where it comes from.

As a user, you should be careful with projects such as Sablier which need access control over sockets or orchestrators.

@acouvreur acouvreur self-assigned this Oct 24, 2024
@acouvreur acouvreur moved this to Backlog in Feature release Oct 24, 2024
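
A sketch of the user-side check the issue asks the documentation to cover, added here as an example and not taken from the Sablier project or its maintainer. The image reference, the `owner/repo` slug and the assumption that releases are signed by a workflow run on a `v*` tag are placeholders; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify a keyless cosign signature before running an image.
# Image name, repository slug and tag-based release workflow are assumptions.

# OIDC issuer of GitHub Actions, recorded in the keyless signing certificate.
OIDC_ISSUER="https://token.actions.githubusercontent.com"

# Accept only references pinned by digest, so the bytes that were verified
# are the bytes that get pulled (a tag can be moved after verification).
require_digest_ref() {
    case "$1" in
        *@sha256:*)
            digest=${1##*@sha256:}
            # A sha256 digest is exactly 64 lowercase hex characters.
            [ "${#digest}" -eq 64 ] || return 1
            case "$digest" in *[!0-9a-f]*) return 1 ;; esac
            return 0 ;;
        *) return 1 ;;
    esac
}

# Identity pattern: a workflow file in the given repository, run on a v* tag.
# $1 = owner/repo (placeholder); anchored so other repositories cannot match.
identity_regexp() {
    printf '^https://github\\.com/%s/\\.github/workflows/.+@refs/tags/v.+$' "$1"
}

# $1 = image reference pinned by digest, $2 = owner/repo expected to sign it.
verify_image() {
    image=$1
    repo=$2
    if ! require_digest_ref "$image"; then
        echo "refusing unpinned reference: $image" >&2
        return 2
    fi
    # Both the issuer and the signer identity are pinned: without them,
    # any valid keyless signature by anyone would be accepted.
    cosign verify \
        --certificate-oidc-issuer "$OIDC_ISSUER" \
        --certificate-identity-regexp "$(identity_regexp "$repo")" \
        "$image"
}

# Run only when called as: script IMAGE@sha256:... owner/repo
if [ "$#" -eq 2 ]; then
    verify_image "$1" "$2"
fi
```

A successful run confirms which workflow identity produced the signature for that digest, which is the provenance statement described above and not a statement about the image's contents.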