CoSign with Kubernetes: Ensure integrity of images before deployment
During the post-exploitation phase, attackers try to enumerate & exploit systems in stealth mode. With containers, it's very easy to run a malicious service by just changing the image name of any deployment. No SOC/IR team will get an alert for this ...
blog.rewanthtammana.com · 6 min read
Hi Rewanth, thanks for the write-up, as we're all looking to help users find secure solutions. Just a quick note that you're comparing Notary v1. Notary v2 was created due to the limitations you've outlined, and cosign chose to follow a subset of these requirements. Please see the scenarios and goals being implemented with Notary v2 for a current comparison: github.com/notaryproject/notaryproject/blob/main/requirements.md

A walkthrough of Notary v2 with Kubernetes is available here: github.com/Azure/notation-azure-kv/blob/main/docs…

Or this post from Lachie: medium.com/@LachlanEvenson/container-signing-with…