
[Images] Include additional demonstration of SBOM and Signature features

Open erikaheidi opened this issue 3 years ago • 0 comments

As suggested by @danpopnyc:

We should include a demonstration / proof of the additional features built-in with Chainguard Images: SBOMs and Signatures. Currently the overview page has a CVE comparison graph that proves the point of "less CVEs", and we can add the commands to check and demonstrate the Sigstore queries for SBOM and container signatures:

COSIGN_EXPERIMENTAL=1 cosign verify cgr.dev/chainguard/nginx | jq

and

COSIGN_EXPERIMENTAL=1 cosign download sbom cgr.dev/chainguard/nginx | jq

The question is: is the Overview page the right place to include these, considering we also want to include the output and it can make the page very long? Should we have an additional page for these instructions that we can link from other places? With a separate page we may be able to use an interactive terminal (just an idea).

Cc @ltagliaferri @jamonation @SharpRake

erikaheidi, Sep 23 '22 14:09