This article takes a detailed look at GitHub's attestation feature, one of several options for creating and verifying attestations for Docker images and files.| AugmentedMind.de
Learn how Cosign creates Docker image signing (and attestations, such as SBOMs) and how to automatically verify them, e.g. in Kubernetes.| AugmentedMind.de
This article takes a detailed look at image signatures created by Notation, which is one of several tools to create and verify Docker images. Introduction: Notation (formerly known as “Notary V2”) is one of the CLI tools under the Notary Project umbrella. Notary Project is a set of specifications and tools to sign and verify ...| AugmentedMind.de
A comparison of tools to sign/verify Docker images and create image attestations, explaining important concepts & providing tool recommendations.| AugmentedMind.de
Use Docker Scout to extract the SBOM for your project.| Docker Documentation
Description of SLSA provenance specification for verifying where, when, and how something was produced.| SLSA
Introduction to SBOM and provenance attestations with Docker Build, what they are, and why they exist| Docker Documentation