https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/tags/procedural/Recent content in Procedural onHugo -- gohugo.ioen-USMon, 30 Mar 2026 08:49:31 +0000https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/open-source/sigstore/policy-controller/how-to-install-policy-controller/Tue, 21 Feb 2023 13:11:29 +0829https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/open-source/sigstore/policy-controller/how-to-install-policy-controller/The Sigstore Policy Controller is a Kubernetes admission controller that can verify image signatures and policies. You can define policies using the CUE or Rego policy languages. This guide will demonstrate how to install the Policy Controller in your Kubernetes cluster and enable policy enforcement. Prerequisites To follow along with this guide, you will need the following: A Kubernetes cluster with administrative access. You can set up a local cluster using kind or use an existing cluster.https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/open-source/sigstore/rekor/how-to-install-rekor/Sat, 20 Aug 2022 08:49:31 +0000https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/open-source/sigstore/rekor/how-to-install-rekor/An earlier version of this material was published in the Rekor chapter of the Linux Foundation Sigstore course. Follow this tutorial for an overview of how to install rekor-cli. To install the Rekor command line interface (rekor-cli) with Go, you will need Go version 1.16 or greater. For Go installation instructions, see the official Go documentation. If you have Go installed already, you can check your Go version via this command.https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/open-source/sigstore/cosign/how-to-install-cosign/Wed, 13 Jul 2022 08:49:31 +0000https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/open-source/sigstore/cosign/how-to-install-cosign/An earlier version of this material was published in the Cosign chapter of the Linux Foundation Sigstore course. Cosign supports software artifact signing, verification, and storage in an OCI (Open Container Initiative) registry. By signing software, you can authenticate that you are who you say you are, which can in turn enable a trust root so that developers and consumers who leverage your software can verify that you created the software artifact that you have said you’ve created.https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/open-source/sigstore/rekor/how-to-query-rekor/Sat, 20 Aug 2022 08:49:31 +0000https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/open-source/sigstore/rekor/how-to-query-rekor/An earlier version of this material was published in the Rekor chapter of the Linux Foundation Sigstore course. Rekor is the transparency log of Sigstore, which stores records of artifact metadata. Before querying Rekor, you should have the rekor-cli installed, which you can achieve by following the “How to Install the Rekor CLI” tutorial. In order to access the data stored in Rekor, the rekor-cli requires either the log index of an entry or the UUID of a software artifact.https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/open-source/sigstore/cosign/how-to-sign-a-container-with-cosign/Wed, 13 Jul 2022 13:26:54 +0100https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/open-source/sigstore/cosign/how-to-sign-a-container-with-cosign/An earlier version of this material was published in the Cosign chapter of the Linux Foundation Sigstore course. Cosign is a tool you can use to sign software artifacts, which in turn allows you to verify that you are who you say you are, instilling trust across the software ecosystem. Signing software also allows people to understand the provenance of the software, and prevents tampering. Let’s step through signing a container with Cosign.https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/open-source/sigstore/rekor/how-to-sign-and-upload-metadata-to-rekor/Sat, 20 Aug 2022 08:49:31 +0000https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/open-source/sigstore/rekor/how-to-sign-and-upload-metadata-to-rekor/An earlier version of this material was published in the Rekor chapter of the Linux Foundation Sigstore course. This tutorial will walk you through signing and uploading metadata to the Rekor transparency log, which is a project of Sigstore. In order to follow along, you’ll need the rekor-cli installed, which you can accomplish by following the “How to Install the Rekor CLI” tutorial. We will use SSH to sign a text document.https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/open-source/sigstore/cosign/how-to-sign-blobs-with-cosign/Wed, 13 Jul 2022 15:22:20 +0100https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/open-source/sigstore/cosign/how-to-sign-blobs-with-cosign/An earlier version of this material was published in the Cosign chapter of the Linux Foundation Sigstore course. Cosign can sign more than just containers. Blobs, or binary large objects, and standard files can be signed in a similar way. You can publish a blob or other artifact to an OCI (Open Container Initiative) registry with Cosign. This tutorial assumes you have a Cosign key pair set up, which you can achieve by following our Introduction to Cosign guide.https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/open-source/sigstore/rekor/install-a-rekor-instance/Sat, 20 Aug 2022 08:49:31 +0000https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/open-source/sigstore/rekor/install-a-rekor-instance/An earlier version of this material was published in the Rekor chapter of the Linux Foundation Sigstore course. While individual developers may not generally need to set up their own instance of Rekor, it may be worthwhile to set up your own local instance in order to further understand how Rekor works under the hood. We will have multiple terminal sessions running to set up the Rekor server. You may want to use a tool such as tmux to keep terminal sessions running in the background within the same window.https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/open-source/sigstore/cosign/how-to-sign-an-sbom-with-cosign/Wed, 13 Jul 2022 15:22:20 +0100https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/open-source/sigstore/cosign/how-to-sign-an-sbom-with-cosign/An earlier version of this material was published in the Cosign chapter of the Linux Foundation Sigstore course. Cosign, developed as part of the Sigstore project, is a command line utility for signing, verifying, storing, and retrieving software artifacts through interface with an OCI (Open Container Initiative) registry. Cosign can be used to sign attestations, or a verifiable assertion or statement about a software artifact. What is an Attestation? An attestation is a cryptographically verifiable statement about a software artifact.https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/open-source/sigstore/policy-controller/policies/disallowing-non-default-capabilities-with-policy-controller/Thu, 02 Mar 2023 13:11:29 +0829https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/open-source/sigstore/policy-controller/policies/disallowing-non-default-capabilities-with-policy-controller/This guide demonstrates how to use the Sigstore Policy Controller to prevent running containers with extra capabilities. You will create a ClusterImagePolicy that uses the CUE language to examine a pod spec, and only allow admission into a cluster if the pod is running with one or many Linux capabilities from defined set of safe capabilities flags. Prerequisites To follow along with this guide, you will need the following: A Kubernetes cluster with administrative access.