Merge pull request #86 from DefGuard/update_security_cosign

update security page with Cosign & Trivy

Author: wojcik91

.gitignore

@@ -19,3 +19,7 @@ pnpm-debug.log*
 
 # macOS-specific files
 .DS_Store
+
+# direnv
+.envrc
+.direnv/

flake.lock

@@ -0,0 +1,28 @@
+{
+  description = "Astro development flake";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+    flake-utils.url = "github:numtide/flake-utils";
+  };
+
+  outputs = {
+    nixpkgs,
+    flake-utils,
+    ...
+  }:
+    flake-utils.lib.eachDefaultSystem (system: let
+      pkgs = import nixpkgs {
+        inherit system;
+      };
+    in {
+      devShells.default = pkgs.mkShell {
+        packages = with pkgs; [
+          nodejs_24
+          pnpm
+          # TS/JS LSP
+          vtsls
+        ];
+      };
+    });
+}

flake.nix

@@ -266,6 +266,26 @@ const tags = [
       </div>
     </FlexibleSection>
 
+    <FlexibleSection leftRatio={1} title="Verifiability of releases" theme="light">
+      <div slot="left">
+        <ul>
+          <li>
+            Authenticity and integrity of all release assets can be verified.
+          </li>
+          <li>
+            All official Docker images are signed using
+            <a href="https://github.com/sigstore/cosign">Cosign</a>
+            and automatically scanned for known vulnerabilities with
+            <a href="https://trivy.dev/">Trivy</a>.
+          </li>
+          <li>
+            All release assets (binaries, packages, etc.) include SHA256 checksums
+            that are automatically generated and published with each GitHub <a href="https://github.com/DefGuard/defguard/releases">release</a>.
+            </li>
+        </ul>
+      </div>
+    </FlexibleSection>
+
     <FlexibleSection
       leftRatio={1}
       title="Found a security vulnerability in Defguard?"