sign Grype container image via cosign #474

Open
developer-guy opened this issue Oct 22, 2021 · 1 comment
Labels
enhancement New feature or request

Comments

@developer-guy
Contributor

What would you like to be added:

A tool called cosign [1], created and maintained by the sigstore [2] community, allows you to sign and verify container images. IINM, Grype takes its releases via GoReleaser; luckily, cosign is now integrated into GoReleaser [3]. Btw, there is a similar topic ongoing for the ossf/scorecard project too [4].

Why is this needed:

Additional context:

cc: @luhring @wagoodman

Footnotes

  1. https://github.com/sigstore/cosign

  2. https://sigstore.dev/

  3. https://carlosbecker.com/posts/goreleaser-cosign/

  4. https://github.com/ossf/scorecard/issues/309

@developer-guy developer-guy added the enhancement New feature or request label Oct 22, 2021
@luhring
Contributor

luhring commented Oct 22, 2021

Let's focus discussion on the related Syft issue, and then reflect those conclusions back here 👍
