In this series, you'll learn how to digitally sign a container image hosted in Azure Container Registry using Notary with a GitHub workflow.
Notary is a CNCF project that provides a set of tools that help you sign, store, and verify OCI artifacts using OCI-conformant registries. Digitally signing artifacts is one of many steps you can take to secure your software supply chains and improve the security of your software.
By the end of this series, you'll have a GitHub workflow that builds a simple web app container image, pushes that image to ACR, and signs the container image with Notation.
Prerequisites
Create a new repository with the template
A sample repository is provided to give you all the scaffolding needed to set up a GitHub workflow for signing container images using Notary.
Complete the following steps to create a new repository using the template.
- Go to the acr-notary-sign-images-sample repository.
- Click Use this template.
- Select an Owner and enter a Repository name, then click Create repository from template.
- Wait for the template to finish creating, then click the Code button. Under the Clone section, copy the URL.
- Next, open a terminal window and use the git clone command to pull down the new repository.
git clone <yourRepoURLHere>
Next steps
Continue to the next article to deploy the required Azure resources.