Automatic SBOMs with ko

For those unfamiliar with ko, it “is a simple, fast container image builder for Go applications;” its objective is to enable developers to stop worrying about containers, and focus on their application.  The philosophy of ko aligns with our mission at Chainguard: to make the software supply chain secure by…

Keyless Signing with Tekton on Amazon EKS

In this post, we’ll walk you through setting up Tekton Chains on Amazon EKS to improve the security of your Tekton pipelines. Tekton Chains simplifies signing software via “keyless signing”, which means that users don’t have to manage private keys or be responsible for distributing public keys. Instead,…

Keyless Signing with Tekton on AKS

In a previous blog article, we illustrated how simple it was to use Sigstore on Amazon EKS to perform keyless signing. Keyless signing is now also available on Azure AKS thanks to the recent addition of OpenID Issuer support. In this post, we will sign images created on an AKS…