Blog about Falco artifacts signing and signature verification

[maxgio92]

/area blog

What would you like to be added:

A blog about the signing of the Falco artifacts (plugins and rule set) and related transparent verification of the artifacts' signatures, as OCI artifacts.

The blog should explain:

• the authenticity value added by signatures in the general supply chain security
• which are the artifacts distributed as part of the Falco supply chain
• how signing and verification support have been implemented for the Falco artifacts
• how the end user can benefit from the security features that have been introduced.

Why is this needed:

The blog is needed and is important to share with the community that the Falco ecosystem continuously improve supply chain security.

Additional context:

For reference about the discussion and the decisions made on Falco artifacts signing and signature verification, please refer to https://github.com/falcosecurity/falcoctl/issues/174.

Individual works spanned across:

• https://github.com/falcosecurity/plugins/issues/244
• https://github.com/falcosecurity/rules/issues/65
• https://github.com/falcosecurity/falcoctl/issues/174

[maxgio92]

/assign

[maxgio92]

As discussed with @LucaGuerra we'd like to work on this.

[LucaGuerra]

I will be very happy to work with Max on this. Thank you for tracking it :pray:

[LucaGuerra]

/assign