title

Annotate container images with build provenance using Cosign in GitLab CI/CD

charset

utf-8

viewport

width=device-width,initial-scale=1

Content-Security-Policy

default-src 'self' https: http:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: *.googletagmanager.com; style-src 'self' 'unsafe-inline' https: http: https://fonts.googleapis.com; object-src https: http:; base-uri 'self'; connect-src 'self' https: http: wss: ws: *.google-analytics.com *.analytics.google.com *.googletagmanager.com; frame-src 'self' https: http:; img-src 'self' https: http: data: *.google-analytics.com *.googletagmanager.com; manifest-src 'self'; media-src 'self' https: http:; child-src 'self' blob: https: http:; font-src 'self' https: http: data: https://fonts.gstatic.com;

format-detection

telephone=no

og:title

Annotate container images with build provenance using Cosign in GitLab CI/CD

og:description

Use GitLab pipelines to automate building, signing, and annotating Docker images. This tutorial shares code to show you how. Try it out in your own organization.

og:image

https://images.ctfassets.net/r9o86ar0p03f/2w6waL76KROjhJHM2vXet6/34bb171a7a3dd65a61999612cc89d9f4/blog-image-template-1800x945__23_.png?fm=webp&w=820&h=500

og:url

https://about.gitlab.com/blog/2024/09/04/annotate-container-images-with-build-provenance-using-cosign-in-gitlab-ci-cd/

og:type

article

twitter:card

summary_large_image

twitter:site

@GitLab

alternate

/atom.xml

alternate

/all-releases.xml

alternate

/security-releases.xml

alternate

/releases.xml

apple-touch-icon

/blog/nuxt-images/ico/apple-touch-icon-57x57.png?cache=2022041

x-default

https://about.gitlab.com/blog/2024/09/04/annotate-container-images-with-build-provenance-using-cosign-in-gitlab-ci-cd/