Verify Tetragon image signatures
Learn how to verify Tetragon container images signatures.
Prerequisites
You will need to install cosign.
Verify Signed Container Images
Since version 0.8.4, all Tetragon container images are signed using cosign.
Let’s verify a Tetragon image’s signature using the cosign verify command:
COSIGN_EXPERIMENTAL=1 cosign verify --certificate-github-workflow-repository cilium/tetragon --certificate-oidc-issuer https://token.actions.githubusercontent.com <Image URL> | jq
Note
COSIGN_EXPERIMENTAL=1 is used to allow verification of images signed in
KEYLESS mode. To learn more about keyless signing, please refer to Keyless
Signatures.
Last modified August 11, 2023: docs: Update the link to the cosign installation page (b87e355f)