This article takes a detailed look at image signatures created by Notation, which is one of several tools to create and verify Docker images. Introduction: Notation (formerly known as “Notary V2”) is one of the CLI tools under the Notary Project umbrella. Notary Project is a set of specifications and tools to sign and verify ...| AugmentedMind.de
Introduction to SBOM and provenance attestations with Docker Build, what they are, and why they exist| Docker Documentation
Attacks can occur at every link in a typical software supply chain, and these kinds of attacks are increasingly public, disruptive, and costly in today’s environment. This page is an introduction to possible attacks throughout the supply chain and how SLSA could help.| SLSA
A comprehensive technical analysis of supply chain threats and their corresponding mitigations in SLSA.| SLSA
SLSA is organized into a series of levels that provide increasing supply chain security guarantees. This gives you confidence that software hasn’t been tampered with and can be securely traced back to its source. This page is a descriptive overview of the SLSA levels and tracks, describing their intent.| SLSA