Skip to content

DevSecOps

Automate Image signing with Tekton Chains to Private Registry

As we hear about more and more (software) Supply Chain attacks, securing our software supply chain becomes increasingly important. One of the ways to do this is to sign our container images.

In this post, we will look at how to automate the signing of container images using Tekton Chains6.

We use the Tekton Operator, Kyverno, SecretGen Controller, and Kaniko to automate the signing of the images. Then, verify the image's signature using the cosign tool.

ChatGPT Generated title image