Kubernetes Adopts Sigstore for Supply Chain Security

3 years ago thenewstack.io

Summary: This is a summary of an article originally published by The New Stack.

With the release of Kubernetes (https://kubernetes.io/) 1.24 on May 4, for the first time, over five million Kubernetes developers can verify that the distributions they’re using are what they claim to be. That’s because with this release Kubernetes is adopting Sigstore (https://www.sigstore.dev/) for signing artifacts and verifying signatures.

All too often software components are poisoned, and every program built on them withers and dies with them.

Sigstore improves software supply chain security by making it easy to cryptographically sign release files, container images, and binaries.

In early 2021, the crew began exploring SLSA (https://slsa.dev/, pronounced "salsa") compliance to improve Kubernetes software supply chain security.
