An in-depth look at the SBOM and build provenance attestations that Docker/BuildKit creates for Docker images, and the major problem of their lack of verifiability. | AugmentedMind.de
A comparison of tools to sign/verify Docker images and create image attestations, explaining important concepts & providing tool recommendations. | AugmentedMind.de
Use Docker Scout to extract the SBOM for your project. | Docker Documentation
Add SBOM and provenance attestations to your images with GitHub Actions | Docker Documentation
Docker Scout image analysis provides a detailed view into the composition of your images and the vulnerabilities that they contain | Docker Documentation
Policies in Docker Scout let you define supply chain rules and thresholds for your artifacts, and track how your artifacts perform against those requirements over time | Docker Documentation