Tutorial: Cosign Signature, Attestation, Trivy Reports and Kyverno Policies

Published: 30 January 2025
Channel: Anais Urlichs

In this tutorial, we are combining three amazing security tools: Trivy, Cosign and Kyverno.

We will:
- Sign our container image with Cosign
- Generate a vulnerability report with Trivy and an attestation of the report with Cosign
- Set up Kyverno with a policy to verify our signature and attestation

✍️ The blog post for this video:
https://anaisurl.com/trivy-cosign-kyv...

Special shoutout to Unni for collaborating on making this tutorial work!
  / iamunnip  

📚Additional Resources📚
Trivy: https://github.com/aquasecurity/trivy
Cosign: https://github.com/sigstore/cosign
Kyverno: https://kyverno.io/

Previous Kyverno tutorial: Kyverno Overview -- Defining Kubernet...