Sign official images with sigstore/cosign #562
Assignees
Labels
community_new
New idea raised by a community contributor
trusted_content
Docker Official Images, Docker Verified Publishers and Docker Sponsored Open Source requests
Comments
|
@developer-guy I meant to link that one too. I wouldn't say a duplicate, but certainly related. #269 is asking to add signing capabilities to docker build. I'm asking for Docker Official Images to be signed, which could be done by calling cosign in their build pipeline. |
|
I changed that with related, thanks, this is more accurate 👋 |
|
Heavy +1, as a maintainer of a library image. |
amyb12345
added
the
trusted_content
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Tell us about your request
It would be helpful to support sigstore/cosign to verify official images from Docker. This could be done in addition to other signing solutions to give users the flexibility to use their own preferred signing solution.
Which service(s) is this request for?
Docker Official Images (DOI).
Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?
Verify the authenticity of official images. This can only be done by Docker.
Are you currently working around the issue?
Using images other than DOI or using DOI images without verifying their authenticity.
Additional context
I'll open similar issues for other signing tools.
The text was updated successfully, but these errors were encountered: