Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Integrate Cosign to sign Ballerina Docker Images #4621

Open
Miranlfk opened this issue Jun 26, 2023 · 0 comments
Open

Integrate Cosign to sign Ballerina Docker Images #4621

Miranlfk opened this issue Jun 26, 2023 · 0 comments
Labels
Type/NewFeature

Comments

@Miranlfk
Copy link
Contributor

Description:
Integrating Sigstore's Cosign to sign the Ballerina Docker Image. Cosign can be used to sign and verify the docker images, in which this case we would use this tool for the Ballerina Image. This would further provide user's the confidence that Ballerina is improving the security in its supply chain.

Describe your problem(s)
Ballerina may be vulnerable to supply chain attacks. If a release of Ballerina is compromised, and its passed on to the user, this will negatively affect his/her experience and thereby hinder the adoption of Ballerina.

Describe your solution(s)
Use the Cosign tool along with the other tools from Sigstore to sign the images being released, the user can thereafter verify it on his/her end.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Type/NewFeature
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Sign docker image using cosign Miranlfk/ballerina-distribution
1 participant
@Miranlfk