Red Hat OpenShift And Sigstore: A Powerful Pairing For Software Trustworthiness
Red Hat News, Friday, October 27, 2023
As containerized software delivery progresses, Red Hat's OpenShift has emerged as a beacon of trust in the open source domain.
At the heart of this is OpenShift's strategic incorporation of Tekton Chains, a Kubernetes Custom Resource Definition (CRD) controller, to boost supply chain security for nearly every task and pipeline.
Moreover, OpenShift makes extensive use of Cosign, a pivotal tool from the Sigstore family. With Cosign, OpenShift validates that container images are not only built with integrity but are also cryptographically signed, thereby providing an authentication mechanism that asserts the provenance and integrity of the container images. These verifiable signatures offer an additional layer of trust, verifying that no unauthorized changes have been made post-signing.