Feat: Use Sigstore Cosign to sign docker images and push signature

[releng/global-jjb.git] / releasenotes / notes / sign-images-cosign-b60035ec3e8e5c62.yaml

diff --git a/releasenotes/notes/sign-images-cosign-b60035ec3e8e5c62.yaml b/releasenotes/notes/sign-images-cosign-b60035ec3e8e5c62.yaml
new file mode 100644 (file)
index 0000000..2ca95d0
--- /dev/null
+++ b/releasenotes/notes/sign-images-cosign-b60035ec3e8e5c62.yaml
@@ -0,0 +1,7 @@
+---
+features:
+  - |
+    Use Sigstore Cosign to sign docker images and push signature.
+    In order to enable, the project needs to create their keypair and
+    credentials in Jenkins for cosign-password (keypair password) and
+    cosign-private-key.