Cosign: verify tracee signature

Prerequisites

Before you begin, ensure that you have the following:

• cosign

Verify tracee signature

Tracee images are signed with cosign keyless. To verify the signature we can run the command:

cosign verify aquasec/tracee:v0.18.1  --certificate-oidc-issuer https://token.actions.githubusercontent.com --certificate-identity-regexp https://github.com/aquasecurity/tracee | jq