DEV Community 👩‍💻👨‍💻

Cover image for Signing Container with Notary and GitHub Actions on Azure
Josh Duffney for Microsoft Azure

Posted on

Signing Container with Notary and GitHub Actions on Azure

In this series, you'll learn how to digitally sign a container image hosted in Azure Container Registry using Notary with a GitHub workflow.

Notary is a CNCF project that provides a set of tools that help you sign, store, and verify OCI artifacts using OCI-conformant registries. Digitally signing artifacts is one of many steps you can take to secure your software supply chains and improve the security of your software.

By the end of this series, you'll have a GitHub workflow that builds a simple web app container image, pushes that image to ACR, and signs the container image with Notation.

Prerequisites

Create a new repository with the template

A sample repository is provided to give you all the scaffolding needed to setup a GitHub workflow for signing container images using Notary.

Complete the following steps to create a new repository using the template.

  1. Go to the acr-notary-sign-images-sample.
  2. Click Use this template. Image description
  3. Select an Owner and enter a Repository name, then click Create repository from template. Image description
  4. Wait for the template to create, then the click Code button Under the Clone section, copy the URL. Image description
  5. Next open a terminal window and use the git clone command to pull down the new repository.

    git clone <yourRepoURLHere>
    

Next steps

Continue to the next article to deploy the required Azure resources.

Top comments (0)

Let's team up together 🤝

We're Hiring

We're hiring for a Senior Full Stack Engineer to join the DEV team. Want the deets? Head here to learn more about who we're looking for.