How to use cosign gatekeeper provider to validate signed images before pulling them

sigstore / cosign-gatekeeper-provider

🔮 ✈️ to integrate OPA Gatekeeper's new ExternalData feature with cosign to determine whether the images are valid by verifying their signatures

Apache License 2.0

76 stars 23 forks source link

How to use cosign gatekeeper provider to validate signed images before pulling them #93

Open akshaygit opened 1 month ago

akshaygit commented 1 month ago

Question Dear maintainers, I am looking for cosign gatekeeper policies or resources for validating signed images. We have a requirement where we want to block the images which are not signed and only pull cosign verified signed images. Any help will be greatly appreciated. Thanks in advance.