
Sign Docker extensions by default using cosign

Open · Dentrax opened this issue 3 years ago · 1 comment

We (@developer-guy) thought that we can add cosign support in the boilerplate, similar to how GitHub did for the Actions starter workflow. ^1 That way, developers can sign their extensions (+ images) by default. Leveraging this gives your users confidence that the extensions they got from Docker's extension market were the trusted code that you built and published.

Furthermore, we can add a signed icon in the Docker Extension UI like how ArtifactHub did as follows:

[Image: Screen Shot 2022-05-12 at 16 35 31]

cc @dlorenc @cpanato

Dentrax, May 12 '22 13:05

Thanks, this is in our backlog. Indeed, this with a badge displayed can increase user confidence.

gtardif, May 19 '22 08:05