Secure the software supply chain with AWS Signer for signing and validating OCI artifacts

Introduction:

The adoption of containers grows, so does the need to ensure the integrity and authenticity of the software artifacts that make up these applications.

Beyond just the container images themselves, organizations are required to secure additional metadata files, such as Common Vulnerabilities and Exposure (CVE) scan results, Software Bill of Materials (SBOM), and Helm charts, that provide critical information about the components and dependencies of their containerized applications.

Ensuring the provenance and trustworthiness of these artifacts is essential for …

adoption applications artifacts authenticity aws beyond container container images containers cve exposure files images integrity introduction make up metadata oci organizations signing software software supply chain supply supply chain vulnerabilities