Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature] Sign Docker images #5724

Open
1 of 2 tasks
willianpaixao opened this issue Dec 3, 2024 · 0 comments
Open
1 of 2 tasks

[Feature] Sign Docker images #5724

willianpaixao opened this issue Dec 3, 2024 · 0 comments
Labels
enhancement New feature or request

Comments

@willianpaixao
Copy link

Description

To prevent Supply Chain Attacks, the graph-node Docker image should be signed. It's a simple and one-time setup. I've seen you use GCP ecosystem to build and push to Docker Hub. Simply follow the documentation to setup.

More information can be found at the Sigstore documentation.

A whole walk through sigstore and it's cluster policy controller is described in this blog post.

Are you aware of any blockers that must be resolved before implementing this feature? If so, which? Link to any relevant GitHub issues.

No response

Some information to help us out

  • Tick this box if you plan on implementing this feature yourself.
  • I have searched the issue tracker to make sure this issue is not a duplicate.
@willianpaixao willianpaixao added the enhancement New feature or request label Dec 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@willianpaixao