Automatic signing #77
varunsh-coder
started this conversation in
Ideas
Replies: 2 comments
-
|
So I've noticed that the cosign process is creating additional entries on the registries causing my shields.io badge to not display properly. It's unclear to me right now if it is something I'm doing incorrectly, the shields team will have to filter out or new functionality that registries will have to support/implement. More information captured here: docker/roadmap#269 (comment) |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
Now tracking my findings here: jauderho/dockerfiles#149 |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Would you like
harden-runnerto automatically sign your build artifact? Signing releases is a Scorecards requirement, but is hard to do.@jauderho has created a sample workflow for key-less signing and SBOM generation here:
https://github.com/jauderho/dockerfiles/blob/main/.github/workflows/age.yml
https://github.com/jauderho/dockerfiles/actions/runs/1755633128
Beta Was this translation helpful? Give feedback.
All reactions