You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
In order to secure the supply chain, cluster operators are starting to use tools like Ratify to verify images used on their clusters.
Describe the solution you'd like
In order to the ZAP container image to be able to pass signature verification, the docker images should be signed. This can simply be done using Cosign and keyless signing during the build of the image in GitHub Actions.
Describe alternatives you've considered
The image could also be signed using a private key, but it would take additional work to manage that private key.
Screenshots
Additional context
No response
Would you like to help fix this issue?
Yes
The text was updated successfully, but these errors were encountered:
Is your feature request related to a problem? Please describe.
In order to secure the supply chain, cluster operators are starting to use tools like Ratify to verify images used on their clusters.
Describe the solution you'd like
In order to the ZAP container image to be able to pass signature verification, the docker images should be signed. This can simply be done using Cosign and keyless signing during the build of the image in GitHub Actions.
Describe alternatives you've considered
The image could also be signed using a private key, but it would take additional work to manage that private key.
Screenshots
Additional context
No response
Would you like to help fix this issue?
The text was updated successfully, but these errors were encountered: