This article takes a detailed look at GitHub's attestation feature, one of several options for creating and verifying attestations for Docker images and files.| AugmentedMind.de
This article takes a detailed look at image signatures created by Notation, which is one of several tools to create and verify Docker images. Introduction Notation (formerly known as “Notary V2”) is one of the CLI tools under the Notary Project umbrella. Notary Project is a set of specifications and tools to sign and verify ... Read more| AugmentedMind.de
A comparison of tools to sign/verify Docker images and create image attestations, explaining important concepts & providing tool recommendations.| AugmentedMind.de
Announcing support for PEP 740 on the Python Package Index| blog.pypi.org
Admission Controller # The policy-controller admission controller can be used to enforce policy on a Kubernetes cluster based on verifiable supply-chain metadata from cosign. policy-controller also resolves the image tags to ensure the image being ran is not different from when it was admitted. See the installation instructions for more information. This component is still actively under development! Today, policy-controller can automatically validate signatures and attestations on container ...| Sigstore