codbex / codbex-kronos

SAP HANA XS Classic and ABAP Compatibility Platform
https://codbex.com
Eclipse Public License 2.0

[CI/CD] Docker image signing within build workflow #77

Open Fluctuationqt opened 2 years ago

Fluctuationqt commented 2 years ago

From xsk created by alexkuklin: SAP/xsk#1204

Any kind of automatic or semi-automatic deployment to a production environment may pose security risks if there's no image verification implemented.

With k8s, image verification can be implemented with the OPA/Gatekeeper or Connaisseur tools.

We need image signing implemented in the pipelines on the GitHub side to make it work.

Fluctuationqt commented 2 years ago

Related: #1052