Cosign tutorial - signing OCI artifacts

Posted August 23, 2022 by Thomas Kooi ‐ 1 min read

Workshop available for using Avisi Managed Environments & GitOps with FluxCD

Cosign allows us to sign our container images and verify the integrity when pulling images from our registry. We have published a tutorial a tutorial on how to use cosign to sign your OCI artifacts.

Cosign is a project part of sigstore, an effort to introduce a new standard for signing, verifying and protecting software.

You can find the tutorial on our GitHub.

Tutorial repository on GitHub