Start your containers on demand, shut them down automatically when there's no activity. Docker, Docker Swarm Mode and Kubernetes compatible.
GNU Affero General Public License v3.0
1.46k
stars
48
forks
source link
Add docker image signature with cosign #424
Open
acouvreur opened 4 weeks ago
Docker image should be signed with cosign.
See https://github.com/sablierapp/mimic goreleaser configuration. Everything is sign "keyless" using OIDC token from github.
Documentation should be updated so users know how to ensure where the image is coming from.
Signature does not mean safe, it means that it states who it is and where it comes from.
As a user, you should be careful with projects such as Sablier which needs access control over sockets or orchestrators.