/
Docker Image Verification(4.2)

Docker Image Verification(4.2)

Jun 03, 2024

All

 images are signed with the [cosign] (https://github.com/sigstore/cosign) tool. 

In order to verify the signature of the docker images, install the "cosign" command line tool.

To verify the image:

  1. Save the following public key to cosign.pub file:

    -----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEU95nqvgnrhrxLLU33rK6lt5qQZVU AUUEor1i8IGMQQnUOrnH0aRHv5i2AxX3vlgHIRtCUWyxtY52GSakFsNQMQ== -----END PUBLIC KEY-----

  2. Execute the following command:

    cosign verify --key cosign.pub ghcr.io/digitalroute-public/usage-engine-private-edition:<tag>