Generate an SBOM for the image using Syft or Trivy and save it to a file (e.g., sbom.cdx.json).
Run cosign attest --predicate sbom.cdx.json --type cyclonedx <image-digest-reference> using the image's digest (not tag) reference; if using keyless signing, the command will use the ambient OIDC token from the CI environment.
Verify the attestation was stored by running cosign verify-attestation --type cyclonedx <image-digest-reference> and inspecting the returned predicate JSON.
In a downstream deployment gate, run cosign verify-attestation with --certificate-identity and --certificate-oidc-issuer flags to enforce that the attestation was created by the expected CI workflow identity.
Optionally pipe the verified predicate to a policy check (e.g., cosign verify-attestation ... | jq ... | opa eval) to enforce that the SBOM meets component or license policies.
Known gotchas
cosign attest must target a digest reference, not a tag; using a tag can result in the attestation being attached to a different image if the tag is mutated between build and attest steps.
Attestations stored in the OCI registry are not automatically included in image pulls; consumers must explicitly run cosign verify-attestation to retrieve and verify them.
The predicate type string must match exactly between attest and verify-attestation calls; for CycloneDX, the canonical type URI is defined in the cosign documentation — verify the exact string for your cosign version.
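Putting the gate (steps 4 and 5) and the gotchas together, this is an added example, not cosign's own code or the page's: a small Python deployment-gate helper that refuses tag references, runs the verify-attestation command, unwraps the DSSE envelope cosign prints, checks the predicateType and subject digest, and applies a license denylist to the CycloneDX components in place of the jq | opa pipeline. The registry name, component names, and the denied-license policy are constructed sample values.

```python
import base64
import json
import re
import subprocess

# predicateType that cosign writes for --type cyclonedx; compare it exactly (see the gotcha above)
CYCLONEDX_PREDICATE_TYPE = "https://cyclonedx.org/bom"
DIGEST_REF = re.compile(r"^[^@\s]+@sha256:[0-9a-f]{64}$")

def require_digest_ref(image_ref):
    """Reject tag references: a tag can move between build and attest, a digest cannot."""
    if not DIGEST_REF.match(image_ref):
        raise ValueError(f"not a digest reference: {image_ref}")
    return image_ref.rsplit("@sha256:", 1)[1]

def fetch_attestations(image_ref, identity, issuer):
    """Gate step: cosign prints one DSSE envelope (a JSON object) per line per matching attestation."""
    require_digest_ref(image_ref)
    cmd = ["cosign", "verify-attestation", "--type", "cyclonedx", "--certificate-identity", identity,
           "--certificate-oidc-issuer", issuer, image_ref]
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout

def decode_statement(envelope_line):
    """Unwrap one DSSE envelope; its payload is a base64-encoded in-toto Statement."""
    return json.loads(base64.b64decode(json.loads(envelope_line)["payload"]))

def check_policy(envelope_line, image_ref, denied_licenses):
    """Return a list of violations; an empty list means the deployment gate passes."""
    digest = require_digest_ref(image_ref)
    stmt = decode_statement(envelope_line)
    problems = []
    if stmt.get("predicateType") != CYCLONEDX_PREDICATE_TYPE:
        problems.append(f"unexpected predicateType {stmt.get('predicateType')!r}")
    if not any(s.get("digest", {}).get("sha256") == digest for s in stmt.get("subject", [])):
        problems.append("attestation subject does not match the image digest")
    for comp in stmt.get("predicate", {}).get("components", []):
        for lic in comp.get("licenses", []):
            lic_id = lic.get("license", {}).get("id")
            if lic_id in denied_licenses:
                problems.append(f"{comp.get('name')}@{comp.get('version')}: denied license {lic_id}")
    return problems

# Constructed sample: one line of verify-attestation output for a two-component CycloneDX BOM.
SAMPLE_DIGEST = "a" * 64
SAMPLE_REF = f"registry.example/app@sha256:{SAMPLE_DIGEST}"
_comps = [{"name": "libfoo", "version": "1.2.3", "licenses": [{"license": {"id": "MIT"}}]},
          {"name": "libbar", "version": "0.9.0", "licenses": [{"license": {"id": "AGPL-3.0-only"}}]}]
_stmt = {"_type": "https://in-toto.io/Statement/v0.1", "predicateType": CYCLONEDX_PREDICATE_TYPE,
         "subject": [{"name": "registry.example/app", "digest": {"sha256": SAMPLE_DIGEST}}],
         "predicate": {"bomFormat": "CycloneDX", "specVersion": "1.4", "components": _comps}}
SAMPLE_ENVELOPE = json.dumps({"payloadType": "application/vnd.in-toto+json", "signatures": [],
                              "payload": base64.b64encode(json.dumps(_stmt).encode()).decode()})
```

In a real gate, feed each line of fetch_attestations() output to check_policy() and fail the deployment if any call returns a non-empty list.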