sign container images after built #1443
Labels
help wanted
Need some extra hands to get this done.
status/ready
Issue ready to be worked on.
type/enhancement
Issue that requests a new feature or improvement.
Comments
developer-guy
added
status/triage
developer-guy
changed the title
|
kindly ping @samj1912 |
|
Related buildpacks/rfcs#195 and #268 (comment) @developer-guy perfect timing! We have been actively working to get cosign integration, along with sbom attestations integrated in the project! We would love to have contributors help with the implementation once RFC 195 is merged (which should happen this week or the next). Would you and @Dentrax be interested in helping with the implementation? This would help not only pack but any buildpacks based platform so it would be a huge win. |
|
(Accidentally closed, reopened again) |
|
OFC, we'd love to help 🤩 |
natalieparellano
added
status/ready
|
@developer-guy @samj1912 @Dentrax Guys I also want to work on this issue @developer-guy could you please guide me with more information. |
|
Closing as duplicate of #268 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
We (w/@Dentrax) thought that it'd be nice if pack CLI has the support of signing container images right after building them without requiring any additional steps to sign container images based on cosign, a tool developed by the sigstore community that lets you sign, and verify container images according to several types of key management types, or any other signing tool.
Proposed solution
Maybe we can add additional flag to the build command in pack CLI to enable signing, it'll be look like this:
# Set default signer to the config $ paketo config default-signer cosignDescribe alternatives you've considered
Additional context
The text was updated successfully, but these errors were encountered: