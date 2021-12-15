As developers have leaned into cloud native projects for scale and maintainability, the popularity of containers has exploded. With 92% of organizations leveraging containers in production, it’s safe to say they are here to stay. Unfortunately, so are their security risks. Most containers available today are vulnerable to supply chain attacks, because they can be published with nothing more than a simple API key. If that key leaks, it’s easy for an attacker to publish a legitimate looking container that actually contains malware. One of the best ways to protect users from these kinds of attacks is by signing the image at creation time so that developers can verify that the code they received is the code that the maintainer authored.

SOFTWARE ・ 14 DAYS AGO