This patch adds a first PoC for cosign-signed container images. Cosign
helps to authenticate the origin of a container image and is an
important step towards supply chain integrity in the container
ecosystem.
This patch only introduces this change to nightly builds, in order to
evaluate the changes before we utilise them for releases.
This patch adds a first PoC for cosign-signed container images. Cosign helps to authenticate the origin of a container image and is an important step towards supply chain integrity in the container ecosystem.
This patch only introduces this change to nightly builds, in order to evaluate the changes before we utilise them for releases.