
An interactive Killercoda tutorial teaching developers how to secure container images using Cosign and Sigstore.


putastep/killercoda-tutorials

Docker Image Signing with Cosign

Interactive tutorial teaching container image security using Sigstore's Cosign tool.

What You'll Learn

  • Generate signing keys with Cosign
  • Sign container images cryptographically
  • Verify image authenticity and integrity
  • Understand supply chain security risks

Why It Matters

Unsigned container images can be tampered with between build and deployment. Signing provides:

  • Integrity - Detect modifications
  • Authenticity - Verify the source
  • Trust - Run only verified images

Tutorial Steps

  1. Create an unsigned image
  2. Demonstrate vulnerability by injecting malicious code
  3. Install Cosign
  4. Generate cryptographic key pair
  5. Sign a container image
  6. Verify signatures and prevent tampering
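The key-generation, signing and verification steps above, sketched as an added example (not taken from the tutorial itself). It assumes `cosign` and `docker` are installed and the image has already been pushed to a registry; the function names and the digest-only rule, which goes beyond what the steps list, are assumptions of this example.

```shell
#!/bin/sh
# Added example: sign and verify an image by digest with a Cosign key pair.
# A tag can be re-pointed at different content after signing, so both
# helpers refuse anything that is not pinned as name@sha256:<64 hex>.

is_digest_ref() {            # $1 = image reference
    case "$1" in
        *@sha256:*) ;;
        *) return 1 ;;
    esac
    hex=${1##*@sha256:}
    [ "${#hex}" -eq 64 ] || return 1
    case "$hex" in
        *[!0-9a-f]*) return 1 ;;
    esac
    return 0
}

sign_image() {               # $1 = image reference, $2 = private key file
    is_digest_ref "$1" || { echo "refusing to sign mutable reference: $1" >&2; return 2; }
    cosign sign --key "$2" "$1"
}

verify_image() {             # $1 = image reference, $2 = public key file
    is_digest_ref "$1" || { echo "refusing to verify mutable reference: $1" >&2; return 2; }
    cosign verify --key "$2" "$1" >/dev/null
}

main() {                     # $1 = tag of an image already pushed to a registry
    # Writes cosign.key and cosign.pub to the current directory; the key
    # password is prompted for, or read from COSIGN_PASSWORD.
    [ -f cosign.key ] || cosign generate-key-pair
    # Resolve the tag to the immutable digest the registry assigned on push.
    ref=$(docker inspect --format '{{index .RepoDigests 0}}' "$1")
    sign_image "$ref" cosign.key
    # Deployment gate: a non-zero exit means the image must not be run.
    verify_image "$ref" cosign.pub && echo "verified: $ref"
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```

Run it with the pushed image's tag as the only argument; only `cosign.pub` needs to be distributed to the systems that verify.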

Technologies

  • Docker
  • Cosign (Sigstore)

No installation required - runs entirely in your browser at https://killercoda.com/putastep/scenario/docker-signing
