Idea: kubectl plugin to embed signatures in objects

Open dlorenc opened this issue 4 years ago • 5 comments

This could work something like:

1. Go through a k8s object looking for images
2. For each image, pull and do something like "cosign verify" and get all verified payloads
3. Attach those payloads directly into the k8s object as annotations

This way deployment-time policy enforcement (OPA, etc.) could look directly at the yaml rather than needing to interact with an external service.

dlorenc, Mar 01 '21 17:03
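
The three steps proposed above, together with the check a deployment-time policy could then run on the object alone, as an added example that is not code from the issue or from cosign. `verify` is a hypothetical callable standing in for "cosign verify", the annotation key `example.dev/verified-payloads` is an assumption, and payloads are assumed to be cosign's simple signing JSON, which carries the image digest under `critical.image.docker-manifest-digest`.

```python
import json

# Assumed annotation key (not defined by cosign). Image references contain "/"
# and ":", so they cannot be annotation names; one key holds image -> payloads.
ANNOTATION = "example.dev/verified-payloads"


def find_images(node, found=None):
    """Step 1: collect every string stored under an "image" key."""
    found = set() if found is None else found
    if isinstance(node, dict):
        if isinstance(node.get("image"), str):
            found.add(node["image"])
        node = list(node.values())
    if isinstance(node, list):
        for child in node:
            find_images(child, found)
    return found


def embed(manifest, verify):
    """Steps 2-3. `verify` is a hypothetical stand-in for "cosign verify" that
    returns verified payload strings for an image. Fails closed."""
    payloads = {}
    for image in sorted(find_images(manifest.get("spec"))):
        verified = verify(image)
        if not verified:
            raise ValueError(f"no verified payload for {image}")
        payloads[image] = verified
    meta = manifest.setdefault("metadata", {})
    meta["annotations"] = {**(meta.get("annotations") or {}),
                           ANNOTATION: json.dumps(payloads, sort_keys=True)}
    return manifest


def uncovered_images(manifest):
    """Policy side: images whose digest no embedded payload vouches for, e.g.
    because the image field was edited after embedding. Tag-only references
    count as uncovered here, since only a digest can be matched to a payload."""
    raw = (manifest.get("metadata", {}).get("annotations") or {}).get(ANNOTATION, "{}")
    embedded = json.loads(raw)
    missing = []
    for image in sorted(find_images(manifest.get("spec"))):
        digests = {json.loads(p)["critical"]["image"]["docker-manifest-digest"]
                   for p in embedded.get(image, [])}
        if "@" not in image or image.split("@", 1)[1] not in digests:
            missing.append(image)
    return missing
```

The annotation holds payloads only, so `uncovered_images` checks that the object is consistent with what was embedded; it does not re-verify any signature.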