Container image signing and verification tool for supply chain security
Container Signing
cosign
$ cosign sign --key cosign.key ghcr.io/myorg/myimage:latest
$ cosign verify --key cosign.pub ghcr.io/myorg/myimage:latest
$ cosign generate-key-pair