Sign in Create account

#cosign — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #cosign, aggregated by home.social.

Derek | ScriptAutomate @scriptautomate · 2024-09-08 · 18:36 UTC

Wondering whether users of #cosign (by #sigstore) and #slsa (slsa-verifier) would have opinions on how to best make use of these verification tools when downloading binaries for use in container images?
I started a StackOverflow discussion here with more details, since I'm new to playing around with these toolchains:
https://stackoverflow.com/beta/discussions/78962951/when-using-tools-like-slsa-verifier-and-cosign-how-do-you-verify-the-verifiers

#cosign #sigstore #slsa
Thor A. Hopland @[email protected] · 2024-06-28 · 14:13 UTC

@patric and #Wolfi apparently uses #Cosign Wooo! That's perfect, because I am actually working on a type of container registry :)
It's still a glmmer in the postmans eye, but it will be spitting out containers - and signing is so important nowadays, especially when you read about security breaches like with #Polyfill
Shout outs to #Cloudflare for just redirecting all that traffic to a safe #CDN. Credit where credit is due.

#cosign #polyfill #cloudflare #cdn #wolfi
Markus Eisele @[email protected] · 2023-10-23 · 14:12 UTC

Securing CICD pipelines with StackRox and Sigstore https://www.opensourcerers.org/2023/10/09/securing-cicd-pipelines-with-stackrox-and-sigstore/
#cosign #sigstore #tekton #Kubernetes #cicd

#cosign #sigstore #tekton #kubernetes #cicd