Signing Container with Notary and GitHub Actions on Azure

joshduffney

Josh Duffney

Posted on November 2, 2022

In this series, you'll learn how to digitally sign a container image hosted in Azure Container Registry using Notary with a GitHub workflow.

Notary is a CNCF project that provides a set of tools that help you sign, store, and verify OCI artifacts using OCI-conformant registries. Digitally signing artifacts is one of many steps you can take to secure your software supply chains and improve the security of your software.

By the end of this series, you'll have a GitHub workflow that builds a simple web app container image, pushes that image to ACR, and signs the container image with Notation.

Prerequisites

Create a new repository with the template

A sample repository is provided to give you all the scaffolding needed to set up a GitHub workflow for signing container images using Notary.

Complete the following steps to create a new repository using the template.

  1. Go to the acr-notary-sign-images-sample.
  2. Click Use this template.
  3. Select an Owner and enter a Repository name, then click Create repository from template.
  4. Wait for the template to finish creating the repository, then click the Code button. Under the Clone section, copy the URL.
  5. Next open a terminal window and use the git clone command to pull down the new repository.

    git clone <yourRepoURLHere>
    

Next steps

Continue to the next article to deploy the required Azure resources.
