
Docker content trust feature in Kaniko build

Open nayan-kalita opened this issue 4 years ago • 5 comments

How do I sign an image and push it to the repository using kaniko?

nayan-kalita, Feb 09 '21 08:02

Can someone update this? We need to sign images built with kaniko to establish content trust, the same way docker build does with DOCKER_CONTENT_TRUST=1.

nayan-kalita, Feb 10 '21 06:02

> Can someone update this? We need to sign images built with kaniko to establish content trust, the same way docker build does with DOCKER_CONTENT_TRUST=1.

Are you able to find any solution to this?

akash2237778, Nov 09 '21 02:11

+1

swarren83, Mar 22 '22 14:03

I would recommend signing images built with Kaniko using cosign, after the build is complete, then verifying it before pulling+running it.

imjasonh, Mar 22 '22 18:03

> I would recommend signing images built with Kaniko using cosign, after the build is complete, then verifying it before pulling+running it.

Even if this works for runtime to ensure end user images are secure, we would like to enforce that the team uses signed images as base images, so we fully control what's happening under the hood.

For kaniko, just adding the check of signatures in public images while building would be really good.

adriannieto-attechnest, Jun 29 '22 14:06
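
The two suggestions in this thread (sign with cosign after the kaniko build, and check base image signatures before building) can be combined in a wrapper around the build step. The sketch below is an added example, not part of the thread and not kaniko or cosign project code; the `COSIGN` override variable, the function names, and the registry, key and file paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): cosign gate around a kaniko build.
# COSIGN is a hypothetical override for the cosign binary, used for stubbing.

# Print each external base image named by a FROM line, once.
# Skips "scratch" and references to earlier build stages (FROM builder).
base_images() {
  awk '
    toupper($1) == "FROM" {
      i = 2
      while ($i ~ /^--/) i++                 # skip flags such as --platform=...
      img = $i
      external = (img != "scratch" && !(tolower(img) in stages))
      if (toupper($(i + 1)) == "AS") stages[tolower($(i + 2))] = 1
      if (external && !(img in seen)) { seen[img] = 1; print img }
    }' "$1"
}

# Fail closed: unreadable Dockerfile, unresolved ARG reference, or any
# base image whose signature does not verify against the public key.
verify_bases() {
  dockerfile=$1 pubkey=$2
  imgs=$(base_images "$dockerfile") || return 1
  for img in $imgs; do
    case $img in
      *'$'*) echo "cannot verify unresolved reference: $img" >&2; return 1 ;;
    esac
    "${COSIGN:-cosign}" verify --key "$pubkey" "$img" >/dev/null || {
      echo "unsigned or untrusted base image: $img" >&2; return 1; }
  done
}

# Sign the pushed image by digest, read from the file that kaniko's
# --digest-file flag writes, so the signature covers exactly what was built.
sign_built() {
  repo=$1 digest_file=$2 key=$3
  "${COSIGN:-cosign}" sign --key "$key" "$repo@$(cat "$digest_file")"
}

# Pipeline order (constructed names and paths):
#   verify_bases Dockerfile cosign.pub
#   /kaniko/executor --context . --dockerfile Dockerfile \
#       --destination registry.example/app:1.0 --digest-file /tmp/digest
#   sign_built registry.example/app /tmp/digest cosign.key
```

Verifying a tag such as `golang:1.21` only covers the digest the tag pointed to at verification time; pinning base images by digest in the Dockerfile makes the verified reference and the one kaniko pulls identical.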