Cosign Verification
Last updated
Was this helpful?
Last updated
Was this helpful?
This guide demonstrates how to verify signed artifacts (i.e., container images, Helm charts) hosted on ocir.immuta.com using Cosign from Sigstore.
The provided key is used to sign the Helm chart and container images.
A DIGESTS.md
markdown file comes bundled in the Helm chart and contains a comprehensive list of images and digests referenced. To view the file, follow these steps:
Download and extract the Helm chart into the working directory.
Open file immuta-enterprise/DIGESTS.md
Verify an artifact's signature by referencing Immuta's public key.