Use Docker Content Trust (DCT) to sign Docker Containers

[bsper2]

Use Case

Our security team is uneasy that the docker containers used for pupperware hosted at https://hub.docker.com/u/puppet are not signed with a Docker Content Trust Key. Which makes verifying the software supply chain difficult for security vetting purposes.

Describe the Solution You Would Like

Would you be able to start using keys to sign containers published on docker.com?

Additional Context

Info about Docker Content Trust can be found here : https://docs.docker.com/engine/security/trust/