Cosign
devsecops signing
Sigstore container signing and verification tool
Prerequisites:
docker
Pros and Cons
Advantages
- Simple container signing
- Keyless signing with OIDC
- Part of Sigstore project
- CI/CD integration
- Admission verification
Disadvantages
- Relatively new
- Requires trust infrastructure
- Learning curve
Use Cases
- Container image signing
- Supply chain security
- Kubernetes verification
- Image compliance