SumoLogic / sumologic-otel-collector

Sumo Logic Distribution for OpenTelemetry Collector
Apache License 2.0

Verifying collector installer #987

Open abstractOwl opened 1 year ago

abstractOwl commented 1 year ago

Hello! We're currently planning on automatically installing the SumoLogic OpenTelemetry collector for our services using a pre-deploy hook. Is there any way we can verify the collector binary or installer script (i.e. GPG signature) to mitigate against supply-chain attacks?

sumo-drosiek commented 1 year ago

For now there is no such way. We are considering adding checksums, so the binary would be verified against them.