Signing and Validating OCI Artifacts with AWS Signer
Containers Blog
This article discusses signing and validating OCI artifacts (such as SBOMs, CVE scan results, and Helm charts) along with container images using AWS Signer. It highlights the importance of signing these artifacts to establish trust and ensure integrity throughout the software development lifecycle.
Specifically, the article covers:
- Introduction to OCI artifacts and their role in providing visibility into the security posture of container images
- Organizational use cases for signing OCI artifacts alongside images for security, compliance, and deployment purposes
- A sample software development pipeline involving AWS services like CodeCommit, CodeBuild, and ECS to build, sign, verify, and deploy container images and associated OCI artifacts
- Walkthrough of deploying a reference AWS CDK application that demonstrates the end-to-end process of signing and verifying OCI artifacts using AWS Signer
- Conclusion highlighting the benefits of using AWS Signer for securing the software supply chain