devops

Image Signing

Container Image Signing

Definition

Image signing cryptographically attests that a container image was produced by a trusted source and has not been tampered with since it was signed. Signed images create a verifiable chain of custody from build pipeline to production deployment.

Admission controllers can enforce that only signed images from approved signers are deployed to Kubernetes clusters.

Related Terms

cosign

Notary

OCI

Open Container Initiative

Container Image

← Back to Glossary

Ship secure code faster

Crash Override integrates security into the developer workflow. No context switching, no waiting on reviews.

Talk to a Human See the Product