Build and push the container image to GHCR, then generate the CycloneDX SBOM using Syft: syft scan <IMAGE>:<TAG> -o cyclonedx-json=sbom.cdx.json
In a GitHub Actions workflow, authenticate to Sigstore with the GITHUB_TOKEN-backed OIDC identity: cosign 2.x picks up the job's OIDC token from the environment automatically when the workflow runs with the id-token: write permission
Attest the SBOM, referencing the image by digest rather than by tag so the attestation is bound to an immutable identifier: cosign attest --type cyclonedx --predicate sbom.cdx.json <IMAGE>@<DIGEST>
cosign attest uploads the attestation as an OCI referrer in the same registry namespace; verify it with: cosign verify-attestation --type cyclonedx --certificate-oidc-issuer https://token.actions.githubusercontent.com --certificate-identity-regexp <WORKFLOW_REF> <IMAGE>@<DIGEST> (the regexp must match the workflow identity recorded in the signing certificate)
Inspect the stored attestation using crane ls <IMAGE> to see referrer tags, or use the OCI referrers API to enumerate all attached artifacts
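The steps above wired into one GitHub Actions job, as an added example rather than code from the original page; the image name, the tag trigger, the action version pins (@v4, @v3, @v6, @v0) and the identity regexp are assumptions, and the repository name is assumed to be lowercase as GHCR requires.

```yaml
name: build-sbom-attest

on:
  push:
    tags: ["v*"]          # assumed trigger

permissions:
  contents: read
  packages: write         # push image and attestation to GHCR
  id-token: write         # lets cosign obtain the job's OIDC token

env:
  IMAGE: ghcr.io/${{ github.repository }}   # assumed image name

jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # Push and capture the immutable digest; the tag is for humans only
      - id: build
        uses: docker/build-push-action@v6
        with:
          push: true
          tags: ${{ env.IMAGE }}:${{ github.ref_name }}

      - uses: sigstore/cosign-installer@v3
      - uses: anchore/sbom-action/download-syft@v0

      - name: Generate CycloneDX SBOM from the pushed digest
        run: syft scan "${IMAGE}@${{ steps.build.outputs.digest }}" -o cyclonedx-json=sbom.cdx.json

      - name: Attest the SBOM keylessly, bound to the digest, never the tag
        run: cosign attest --yes --type cyclonedx --predicate sbom.cdx.json "${IMAGE}@${{ steps.build.outputs.digest }}"

      - name: Verify the attestation is bound to this repository's workflow identity
        run: |
          cosign verify-attestation --type cyclonedx \
            --certificate-oidc-issuer https://token.actions.githubusercontent.com \
            --certificate-identity-regexp "^https://github.com/${{ github.repository }}/\.github/workflows/.*@refs/tags/v.*$" \
            "${IMAGE}@${{ steps.build.outputs.digest }}"
```

The verify step fails the job if the attestation was produced by any other repository or workflow, which is the check a consumer should repeat before trusting the SBOM.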
Known gotchas
cosign 2.x removed the COSIGN_EXPERIMENTAL environment variable; keyless signing is now the default behavior and does not require setting any special environment variable
Attestations are stored in the registry as OCI referrers; registries that do not support the OCI Distribution 1.1 referrers API fall back to a tag-based storage scheme using a specially formatted tag, which may break namespace policies
The --type flag must be a known predicate type URI or a recognized short alias; an unrecognized type string causes cosign to reject the attestation at verification time