Quote a command to avoid any risk of side-effects from a malicious BoM
Avoid a use of grep where awk can achieve the same outcome
Co-authored-by: Sascha Grunert <sgrunert@redhat.com>
* Add container image signing docs
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
* Creates a task page to verify signed control plane container images
* Added info about cosigned and why we need cosign in experimental mode
Updates based on PR review
Apply suggestions from code review
Co-authored-by: Tim Bannister <tim@scalefactory.com>
* Uses K8s SBoM to get list of signed images
Apply suggestions from code review
Co-authored-by: Qiming Teng <tengqm@outlook.com>
Co-authored-by: Chris Negus <cnegus@redhat.com>
* Add current scope of sign/verify
Co-authored-by: Sascha Grunert <sgrunert@redhat.com>
Co-authored-by: Tim Bannister <tim@scalefactory.com>
Co-authored-by: Qiming Teng <tengqm@outlook.com>
Co-authored-by: Chris Negus <cnegus@redhat.com>
This patch outlines basic documentation about how container image
signing works and which images are signed for official Kubernetes
releases.
Refers to https://github.com/kubernetes/enhancements/issues/3031
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
Rohit Ghumare
Aeva Black
Tim Bannister
Pushkar Joglekar
Sascha Grunert
Jim Angel