Distroless Builds Are Now SLSA 2

Categories: Latest Cyber News
Help raise awareness by sharing this page:

Posted by Priya Wadhwa and Appu Goundan, Google Open Source Security Team
A few months ago we announced that we started signing all distroless images with cosign, which allows users to verify that they have the correct image before starting the build process. Signing our images was our first step towards fully securing the distroless supply chain. Since then, we’ve implemented even more…

Thank you for visiting our page! For a deeper dive into this topic, discover the full article by clicking HERE.