Docker Image Verification(3.1)

All  images are signed with the [cosign] ( tool. 

In order to verify the signature of the docker images, install the "cosign" command line tool.

To verify the image:

  1. Save the following public key to file:

    -----BEGIN PUBLIC KEY-----
    -----END PUBLIC KEY-----
  2. Execute the following command:

    cosign verify --key<tag>


    cosign verify --key


    Verification for --
    The following checks were performed on each of these signatures:
      - The cosign claims were validated
      - The signatures were verified against the specified public key
    [{"critical":{"identity":{"docker-reference":""},"image":{"docker-manifest-digest":"sha256:a91a8b812fb3c0cba61dd0247b9dbc6ffe2e8cefdba55ee5021df61ec23c29fd"},"type":"cosign container image signature"},"optional":null}]