Container Image Security (Signing and Scanning with tools like Cosign, Trivy) I hope you are enjoying the Kubernetes security posts that I am currently sharing. They have honestly been interesting so …

InfoSecWriteUps' platform is  dedicated to providing insights and resources for cybersecurity professionals and enthusiasts. Through articles, tutorials, and security research, InfoSecWriteUps offers insights into cybersecurity vulnerabilities, attack techniques, and defense strategies. Readers can learn about penetration testing, threat intelligence, and incident response to enhance their cybersecurity knowledge and skills.

InfoSec Write-ups

A hands-on walkthrough of container image security using Cosign for signing and Trivy for vulnerability scanning. Covers local image signing with Cosign, keyless signing via GitHub Actions OIDC tokens, configuring Trivy to fail CI builds on CRITICAL/HIGH vulnerabilities, blocking unsafe Docker pushes, and generating SBOMs. Also touches on how Kyverno/OPA Gatekeeper can enforce policies to block unsigned or unsafe images from entering Kubernetes clusters.

Container Image Security (Signing and Scanning with tools like Cosign, Trivy)

Trivy: Stopping vulnerabilities before they move forward