Cosign tutorial - signing OCI artifacts.

Workshop available for using Avisi Managed Environments & GitOps with FluxCD

Cosign allows us to sign our container images and verify the integrity when pulling images from our registry. We have published a tutorial a tutorial on how to use cosign to sign your OCI artifacts.

Cosign is a project part of sigstore, an effort to introduce a new standard for signing, verifying and protecting software.

You can find the tutorial on our GitHub.