sign container images after built #1443
Comments
kindly ping @samj1912
Related buildpacks/rfcs#195 and #268 (comment)
@developer-guy perfect timing! We have been actively working to get cosign integration, along with SBOM attestations, integrated in the project! We would love to have contributors help with the implementation once RFC 195 is merged (which should happen this week or the next). Would you and @Dentrax be interested in helping with the implementation? This would help not only pack but any buildpacks-based platform, so it would be a huge win.
(Accidentally closed, reopened again)
OFC, we'd love to help 🤩
@developer-guy @samj1912 @Dentrax Guys, I also want to work on this issue. @developer-guy, could you please guide me with more information?
Closing as duplicate of #268
Description
We (w/@Dentrax) thought that it'd be nice if the pack CLI supported signing container images right after building them, without requiring any additional steps, based on cosign, a tool developed by the sigstore community that lets you sign and verify container images according to several types of key management, or any other signing tool.
Proposed solution
Maybe we can add an additional flag to the build command in the pack CLI to enable signing; it'll look like this:
# Set default signer to the config
$ paketo config default-signer cosign
Describe alternatives you've considered
Additional context