You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Description:
Integrating Sigstore's Cosign to sign the Ballerina Docker Image. Cosign can be used to sign and verify the docker images, in which this case we would use this tool for the Ballerina Image. This would further provide user's the confidence that Ballerina is improving the security in its supply chain.
Describe your problem(s)
Ballerina may be vulnerable to supply chain attacks. If a release of Ballerina is compromised, and its passed on to the user, this will negatively affect his/her experience and thereby hinder the adoption of Ballerina.
Describe your solution(s)
Use the Cosign tool along with the other tools from Sigstore to sign the images being released, the user can thereafter verify it on his/her end.
The text was updated successfully, but these errors were encountered:
Description:
Integrating
Sigstore's Cosign
to sign the Ballerina Docker Image.Cosign
can be used to sign and verify the docker images, in which this case we would use this tool for the Ballerina Image. This would further provide user's the confidence that Ballerina is improving the security in its supply chain.Describe your problem(s)
Ballerina may be vulnerable to supply chain attacks. If a release of Ballerina is compromised, and its passed on to the user, this will negatively affect his/her experience and thereby hinder the adoption of Ballerina.
Describe your solution(s)
Use the
Cosign
tool along with the other tools fromSigstore
to sign the images being released, the user can thereafter verify it on his/her end.The text was updated successfully, but these errors were encountered: