You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A tool called cosign1 created and maintained by the sigstore2 community allows you to sign and verify container images. IINM Grype takes its releases via GoReleaser, luckily cosign is now integrated into GoReleaser.3. Btw, there is a similar topic ongoing for the ossf/scorecard project too.4
What would you like to be added:
A tool called
cosign
1 created and maintained by thesigstore
2 community allows you to sign and verify container images. IINMGrype
takes its releases viaGoReleaser,
luckilycosign
is now integrated intoGoReleaser.
3. Btw, there is a similar topic ongoing for theossf/scorecard
project too.4Why is this needed:
Additional context:
cc: @luhring @wagoodman
Footnotes
https://github.com/sigstore/cosign ↩
https://sigstore.dev/ ↩
https://carlosbecker.com/posts/goreleaser-cosign/ ↩
https://github.com/ossf/scorecard/issues/309 ↩
The text was updated successfully, but these errors were encountered: