migmartri opened this issue 3 years ago · 0 comments
The tool could be able to verify the cosign signature of the source container images both using an explicit public key provided as part of the configuration or via a rekor transparent log instance.
Refs bitnami/charts-syncer#139