
Software Signing for Kubernetes Supply Chain & Everybody Else
Cloud Security Podcast
Sigstore
With Sigstore, we call it the public good service. So we run this free-to-use, publicly open service that anybody can use. And you can sign your own container images then. If that's signed with cosign, then you can verify the source of that container image and that it's not been tampered with, essentially.

We were talking about the whole non-repudiation earlier as well. How does that cover with knowing that, oh, this is Luke who signed it versus she should sign it?

Right. That's a really good question. What we do in Sigstore is use something called OpenID Connect, which is a protocol that's part of OAuth, OAuth 2


