Automatic SBOMs with ko

For those unfamiliar with ko, it “is a simple, fast container image builder for Go applications”; its objective is to enable developers to stop worrying about containers and focus on their application. The philosophy of ko aligns with our mission at Chainguard: to make the software supply chain secure by…

Keyless Signing with Tekton on Amazon EKS

In this post, we’ll walk you through setting up Tekton Chains on Amazon EKS to improve the security of your Tekton pipelines. Tekton Chains simplifies signing software via “keyless signing”, which means that users don’t have to manage private keys or be responsible for distributing public keys. Instead,…

Keyless Signing with Tekton on AKS

In a previous blog article, we illustrated how simple it was to use Sigstore on Amazon EKS to perform keyless signing. Keyless signing is now also available on Azure AKS thanks to the recent addition of OpenID Issuer support. In this post, we will sign images created on an AKS…

How To Verify Cosigned Container Images In Amazon ECS

In a previous blog post, we demonstrated how to sign container images with Sigstore’s Cosign via AWS CodePipeline. Now it’s time to deploy that image, but how do we verify it is signed? In Kubernetes, we would use an admission controller to validate that the image is signed.…