/area blog
What would you like to be added:
A blog about the signing of the Falco artifacts (plugins and rule set) and related transparent verification of the artifacts' signatures, as OCI artifacts.
The blog should explain:
- the authenticity value added by signatures in the general supply chain security
- which are the artifacts distributed as part of the Falco supply chain
- how signing and verification support have been implemented for the Falco artifacts
- how the end user can benefit from the security features that have been introduced.
Why is this needed:
The blog is needed and is important to share with the community that the Falco ecosystem continuously improves supply chain security.
Additional context:
For reference about the discussion and the decisions made on Falco artifacts signing and signature verification, please refer to https://github.com/falcosecurity/falcoctl/issues/174.
Individual works spanned across: