-
Notifications
You must be signed in to change notification settings - Fork 59
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Signed Images #652
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Software Bill of Materials (SBOM) provides insights of the components involved, a bit like a nested ingredient list and signed images enables the user to verify that the image actually contains what it clams to.
I've noticed that other images within the Cilium project are signed by cosign and I believe it would provide good value from a security perspective to be able to validate the images, although I couldn't find such signatures from the Hubble images.
See here for more information:
https://docs.cilium.io/en/stable/configuration/verify-image-signatures/#verify-signed-container-images
cilium/cilium#21918
The text was updated successfully, but these errors were encountered: