Container Image Signing With Cosign and Jenkins 

I think you should start 12:35 at the beginning of the video, and then show the process.

Explained very well 👍, thanks sir

Process is simple if you create key in cosign... but becomes very tedious and complicated if you want to use your GPG key pair you may be using elsewhere in your pipelines. At least until cosign can import GPG keys directly, it's easy when utilising KMSes for everything...

Did you install cosign plugin in jenkins? How did cosign command work in your jenkinsfile??

That’s pretty cool … is there any API to verify after deployment as the verify is within the agent. Also the co-sign software should be installed in prod env to verify ? I am asking from audit point if they want to verify what’s deployed in prod

How can we do this process when I want to sign the image with TLS certificate ?

I setup COSIGN_PASSWORD as env variable even though it's giving prompt to enter the password for cosign private key. How can we bypass it ???

But whats the use of cosign password as Environment variables in this case.We are sign the image with the help of private key isnt?